CVE-2012-3381

Publication date 17 August 2012

Last updated 24 July 2024

Description

sfcb in sblim-sfcb places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
sblim-sfcb	12.04 LTS precise	Not affected
	11.10 oneiric	Not affected
	11.04 natty	Not affected
	10.04 LTS lucid	Not affected
	8.04 LTS hardy	Not in release

How can I get the fixes?
What do statuses mean?

Notes

sbeattie

debian/ubuntu not affected because upstream init scripts are not used; debian init script does not contain LD_LIBRARY_PATH usage

References

MITRE
NVD
Launchpad
Debian

Other references

https://bugzilla.novell.com/show_bug.cgi?id=770234
https://bugzilla.redhat.com/show_bug.cgi?id=838160
http://www.openwall.com/lists/oss-security/2012/07/06/7
http://www.openwall.com/lists/oss-security/2012/07/06/8
https://www.cve.org/CVERecord?id=CVE-2012-3381