Vulnerabilities > CVE-2010-3349 - Unspecified vulnerability in Ardour 2.8.11
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Ardour 2.8.11 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2010-15560.NASL description Fix CVE-2010-3349 - insecure library loading vulnerability Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 49982 published 2010-10-15 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49982 title Fedora 14 : ardour-2.8.11-5.fc14 (2010-15560) NASL family Fedora Local Security Checks NASL id FEDORA_2010-15510.NASL description Fix CVE-2010-3349 - insecure library loading vulnerability Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 49981 published 2010-10-15 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49981 title Fedora 13 : ardour-2.8.11-5.fc13 (2010-15510) NASL family Fedora Local Security Checks NASL id FEDORA_2010-15499.NASL description Fix CVE-2010-3349 - insecure library loading vulnerability Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 49980 published 2010-10-15 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49980 title Fedora 12 : ardour-2.8.11-5.fc12 (2010-15499)
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598283
- http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049333.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049373.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049377.html
- http://secunia.com/advisories/41872
- http://www.securityfocus.com/bid/44106
- http://www.vupen.com/english/advisories/2010/2678
- https://bugzilla.redhat.com/show_bug.cgi?id=638365