CVE-2010-3393

Name of the Vulnerable Software and Affected Versions Magics++ version 2.10.0

Description The issue in Magics++ allows local users to gain privileges via a Trojan horse shared library in the current working directory. This is due to magics-config placing a zero-length directory name in the LD LIBRARY PATH.

Recommendations For Magics++ version 2.10.0, consider restricting access to the LD LIBRARY PATH environment variable to prevent unauthorized modifications until a patch is available. As a temporary workaround, avoid using the magics-config functionality in sensitive environments. At the moment, there is no information about a newer version that contains a fix for this vulnerability.