CVE-2010-3387

Name of the Vulnerable Software and Affected Versions Video Disk Recorder (VDR) version 1.6.0

Description The issue in Video Disk Recorder (VDR) allows local users to gain privileges via a Trojan horse shared library in the current working directory. This is due to the vdrleaktest placing a zero-length directory name in the LD LIBRARY PATH. A third party disputes this issue, citing an error in the script where a semicolon was used instead of a colon.

Recommendations For Video Disk Recorder (VDR) version 1.6.0, consider restricting access to the vdrleaktest to minimize the risk of exploitation. As a temporary workaround, avoid using the LD LIBRARY PATH with a zero-length directory name until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.