PT-2010-4778 · Unknown · Tuning/Analysis Utilities

Raphael Geissert

Published

2010-10-20

Updated

2010-10-21

CVE-2010-3382

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Tuning and Analysis Utilities (TAU) version 2.16.4

Description The issue allows local users to gain privileges via a Trojan horse shared library in the current working directory. This is due to tauex in Tuning and Analysis Utilities (TAU) placing a zero-length directory name in the LD LIBRARY PATH.

Recommendations For version 2.16.4, consider restricting access to the LD LIBRARY PATH environment variable to prevent malicious libraries from being loaded, until a patch is available. As a temporary workaround, avoid using tauex in environments where local users could potentially exploit this issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2010-3382

Affected Products

Tuning/Analysis Utilities

PT-2010-4778 · Unknown · Tuning/Analysis Utilities

CVE-2010-3382

Related Identifiers

Affected Products

References · 2