Vulnerabilities > CVE-2010-4236 - Unspecified vulnerability in IBM Omnifind
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN ibm
exploit available
Summary
Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ES_LIBRARY_PATH environment variable and a modified PATH environment variable, which is used during execution of the estasklight program, a different vulnerability than CVE-2010-3895.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Exploit-Db
| description | IBM OmniFind - Privilege Escalation Vulnerability. CVE-2010-3895,CVE-2010-4236. Local exploits for multiple platform |
| file | exploits/multiple/local/15475.txt |
| id | EDB-ID:15475 |
| last seen | 2016-02-01 |
| modified | 2010-11-09 |
| platform | multiple |
| port | |
| published | 2010-11-09 |
| reporter | Fatih Kilic |
| source | https://www.exploit-db.com/download/15475/ |
| title | IBM OmniFind - Privilege Escalation Vulnerability |
| type | local |
References
- http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt
- http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt
- http://www.exploit-db.com/exploits/15475
- http://www.exploit-db.com/exploits/15475
- http://www.securityfocus.com/archive/1/514688/100/0/threaded
- http://www.securityfocus.com/archive/1/514688/100/0/threaded
- http://www.securityfocus.com/bid/44740
- http://www.securityfocus.com/bid/44740
- http://www.vupen.com/english/advisories/2010/2933
- http://www.vupen.com/english/advisories/2010/2933