CVE-2010-2953

Published: 14 September 2010

Untrusted search path vulnerability in a certain Debian GNU/Linux patch for the couchdb script in CouchDB 0.8.0 allows local users to gain privileges via a crafted shared library in the current working directory.

Priority

Status

Package	Release	Status
couchdb Launchpad, Ubuntu, Debian	dapper	Does not exist
	hardy	Does not exist
	jaunty	Ignored (end of life)
	karmic	Ignored (end of life)
	lucid	Ignored (end of life)
	maverick	Released (1.0.1-0ubuntu2)
	natty	Released (1.0.1-0ubuntu2)
	oneiric	Released (1.0.1-0ubuntu2)
	precise	Released (1.0.1-0ubuntu2)
	quantal	Released (1.0.1-0ubuntu2)
	raring	Released (1.0.1-0ubuntu2)
	upstream	Not vulnerable (patch not upstream)

References

https://www.cve.org/CVERecord?id=CVE-2010-2953
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594412

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›