PT-2019-6557 · Gargoyle · Gargoyle

Published: 2019-11-12 · Updated: 2020-08-18 · CVE-2010-3359

CVSS v3.1: 4.8 (Medium)

Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: gargoyle-free versions prior to 2009-08-25

Description: The issue allows a local user to trick another user into running gargoyle in a directory that contains a cracked libgarglk.so, which can give the local user access to that user's account. This occurs when LD_LIBRARY_PATH is undefined, in which case the library search path points to the current directory.

Recommendations: For versions prior to 2009-08-25, define LD_LIBRARY_PATH so that it does not point to the current directory, or ensure that users are aware of the potential risk when running gargoyle in untrusted directories.
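
The check implied by the recommendation, as an added example (not part of the original advisory and not Gargoyle's code): it flags empty or relative entries in a library search path value, which the dynamic loader resolves against the current directory. The launcher-style prepend it contrasts with a safe one is an assumed illustration; the function names and /opt/example/lib are hypothetical.

```shell
#!/bin/sh
# Added example, not Gargoyle's code. /opt/example/lib is a hypothetical directory.

# Unsafe prepend: if the current value is empty or unset, the result ends in
# ":" and that zero-length entry is searched as the current directory.
build_path_unsafe() { printf '%s\n' "$1:$2"; }

# Safe prepend: add the separator only when there is a current value.
build_path_safe() { printf '%s\n' "$1${2:+:$2}"; }

# ld_path_risky_entries VALUE
# Prints "<index>:empty" or "<index>:relative:<entry>" for each entry of a
# colon-separated search path that resolves against the current directory.
# Returns 0 when every entry is absolute, 1 otherwise.
ld_path_risky_entries() {
    _rest=$1
    _idx=0
    _found=0
    # An unset or empty variable adds no search directory at all.
    [ -z "$_rest" ] && return 0
    while :; do
        case $_rest in
            *:*) _entry=${_rest%%:*}; _rest=${_rest#*:}; _last=0 ;;
            *)   _entry=$_rest; _last=1 ;;
        esac
        _idx=$((_idx + 1))
        case $_entry in
            '') echo "$_idx:empty"; _found=1 ;;
            /*) ;;
            *)  echo "$_idx:relative:$_entry"; _found=1 ;;
        esac
        [ "$_last" -eq 1 ] && break
    done
    return "$_found"
}

# Demo on constructed input: LD_LIBRARY_PATH treated as unset ("").
for _builder in build_path_unsafe build_path_safe; do
    _p=$("$_builder" /opt/example/lib "")
    if _out=$(ld_path_risky_entries "$_p"); then
        echo "$_builder: '$_p' has only absolute entries"
    else
        echo "$_builder: '$_p' is risky ($_out)"
    fi
done
```

Running `ld_path_risky_entries "$LD_LIBRARY_PATH"` in the environment that starts gargoyle reports any entry that would make the loader search the working directory.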

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2010-3359

Affected Products

Gargoyle