ID CVE-2010-3374
Summary Qt Creator before 2.0.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
References
Vulnerable Configurations
  • Nokia Qt Creator 2.0.0
    cpe:2.3:a:nokia:qt_creator:2.0.0
  • Nokia Qt Creator 2.0.0 beta
    cpe:2.3:a:nokia:qt_creator:2.0.0:beta
  • Nokia Qt Creator 2.0.0 alpha
    cpe:2.3:a:nokia:qt_creator:2.0.0:alpha
  • Nokia Qt Creator 2.0.0 release candidate 1
    cpe:2.3:a:nokia:qt_creator:2.0.0:rc1
  • Nokia Qt Creator 1.3.1
    cpe:2.3:a:nokia:qt_creator:1.3.1
  • Nokia Qt Creator 1.3.0
    cpe:2.3:a:nokia:qt_creator:1.3.0
  • Nokia Qt Creator 1.3.0 release candidate 1
    cpe:2.3:a:nokia:qt_creator:1.3.0:rc1
  • Nokia Qt Creator 1.3.0 beta
    cpe:2.3:a:nokia:qt_creator:1.3.0:beta
  • Nokia Qt Creator 1.2.90
    cpe:2.3:a:nokia:qt_creator:1.2.90
  • Nokia Qt Creator 1.2.0
    cpe:2.3:a:nokia:qt_creator:1.2.0
  • Nokia Qt Creator 1.1.0
    cpe:2.3:a:nokia:qt_creator:1.1.0
  • Nokia Qt Creator 1.1.0 release candidate 1
    cpe:2.3:a:nokia:qt_creator:1.1.0:rc1
  • Nokia Qt Creator 1.0.0
    cpe:2.3:a:nokia:qt_creator:1.0.0
  • Nokia Qt Creator 0.9.2 release candidate 1
    cpe:2.3:a:nokia:qt_creator:0.9.2:rc1
  • Nokia Qt Creator 0.9.1 beta
    cpe:2.3:a:nokia:qt_creator:0.9.1:beta
CVSS
Base: 6.9 (as of 05-10-2010 - 10:26)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-193.NASL
    description A vulnerability has been found in Qt Creator 2.0.0 and previous versions. The vulnerability occurs because of an insecure manipulation of a Unix environment variable by the qtcreator shell script. It manifests by causing Qt or Qt Creator to attempt to load certain library names from the current working directory (CVE-2010-3374). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 49740
    published 2010-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49740
    title Mandriva Linux Security Advisory : qt-creator (MDVSA-2010:193)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-09.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-09 (Multiple packages, Multiple vulnerabilities fixed in 2011) Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. FMOD Studio PEAR Mail LVM2 GnuCash xine-lib Last.fm Scrobbler WebKitGTK+ shadow tool suite PEAR unixODBC Resource Agents mrouted rsync XML Security Library xrdb Vino OProfile syslog-ng sFlow Toolkit GNOME Display Manager libsoup CA Certificates Gitolite QtCreator Racer Impact : A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround : There are no known workarounds at this time.
    last seen 2019-02-21
    modified 2017-04-15
    plugin id 79962
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79962
    title GLSA-201412-09 : Multiple packages, Multiple vulnerabilities fixed in 2011
refmap via4
bid 43672
confirm
mandriva MDVSA-2010:193
vupen
  • ADV-2010-2559
  • ADV-2010-2560
Last major update 05-10-2010 - 00:00
Published 04-10-2010 - 17:00
Back to Top