ID CVE-2010-3999
Summary gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
References
Vulnerable Configurations
  • cpe:2.3:a:gnucash:gnucash:2.3.14
  • cpe:2.3:a:gnucash:gnucash:2.3.13
  • cpe:2.3:a:gnucash:gnucash:2.3.12
  • cpe:2.3:a:gnucash:gnucash:2.3.11
  • cpe:2.3:a:gnucash:gnucash:2.3.10
  • cpe:2.3:a:gnucash:gnucash:2.3.9
  • cpe:2.3:a:gnucash:gnucash:2.3.8
  • cpe:2.3:a:gnucash:gnucash:2.3.7
  • cpe:2.3:a:gnucash:gnucash:2.3.6
  • cpe:2.3:a:gnucash:gnucash:2.3.5
  • cpe:2.3:a:gnucash:gnucash:2.3.4
  • cpe:2.3:a:gnucash:gnucash:2.3.3
  • cpe:2.3:a:gnucash:gnucash:2.3.2
  • cpe:2.3:a:gnucash:gnucash:2.3.1
  • cpe:2.3:a:gnucash:gnucash:2.3.0
  • cpe:2.3:a:gnucash:gnucash:2.2.9
  • cpe:2.3:a:gnucash:gnucash:2.2.8
  • cpe:2.3:a:gnucash:gnucash:2.2.7
  • cpe:2.3:a:gnucash:gnucash:2.2.6
  • cpe:2.3:a:gnucash:gnucash:2.2.5
  • cpe:2.3:a:gnucash:gnucash:2.2.4
  • cpe:2.3:a:gnucash:gnucash:2.2.3
  • cpe:2.3:a:gnucash:gnucash:2.2.2
  • cpe:2.3:a:gnucash:gnucash:2.2.1
  • cpe:2.3:a:gnucash:gnucash:2.2.0
  • cpe:2.3:a:gnucash:gnucash:2.0.1
  • cpe:2.3:a:gnucash:gnucash:2.0.0
  • cpe:2.3:a:gnucash:gnucash:1.8.5
  • cpe:2.3:a:gnucash:gnucash:1.8.4
  • cpe:2.3:a:gnucash:gnucash:1.8.3
  • cpe:2.3:a:gnucash:gnucash:2.3.15
CVSS
Base: 6.9 (as of 08-11-2010 - 12:07)
Impact:
Exploitability:
Access
  • Vector LOCAL
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality COMPLETE
  • Integrity COMPLETE
  • Availability COMPLETE
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-16762.NASL
    description This removes an unneeded file in GnuCash that could cause a security issue if run from a directory that other users had write access to. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 50484
    published 2010-11-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50484
    title Fedora 14 : gnucash-2.3.15-2.fc14 (2010-16762)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-16605.NASL
    description This updates GnuCash to the latest 2.4 development release, and removes an unneeded file that could cause a security issue if run from a directory that other users had write access to. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 50419
    published 2010-11-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50419
    title Fedora 13 : gnucash-2.3.15-2.fc13 (2010-16605)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-16622.NASL
    description This update removes an unneeded file that could cause a security issue if run from a directory that other users had write access to. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 50420
    published 2010-11-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50420
    title Fedora 12 : gnucash-2.2.9-5.fc12 (2010-16622)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-241.NASL
    description A vulnerability was discovered and corrected in gnucash : gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory (CVE-2010-3999). The affected /usr/bin/gnc-test-env file has been removed to mitigate the CVE-2010-3999 vulnerability as gnc-test-env is only used for tests and while building gnucash. Additionally for Mandriva 2010.1 gnucash-2.2.9 was not compatible with guile. This update adapts gnucash to the new API of guile.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 50820
    published 2010-11-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50820
    title Mandriva Linux Security Advisory : gnucash (MDVSA-2010:241)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-09.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-09 (Multiple packages, Multiple vulnerabilities fixed in 2011). Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. Packages: FMOD Studio, PEAR Mail, LVM2, GnuCash, xine-lib, Last.fm Scrobbler, WebKitGTK+, shadow tool suite, PEAR, unixODBC, Resource Agents, mrouted, rsync, XML Security Library, xrdb, Vino, OProfile, syslog-ng, sFlow Toolkit, GNOME Display Manager, libsoup, CA Certificates, Gitolite, QtCreator, Racer. Impact: A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround: There are no known workarounds at this time.
    last seen 2019-02-21
    modified 2017-04-15
    plugin id 79962
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79962
    title GLSA-201412-09 : Multiple packages, Multiple vulnerabilities fixed in 2011
refmap via4
bid 44563
confirm https://bugzilla.redhat.com/show_bug.cgi?id=644933
fedora
  • FEDORA-2010-16605
  • FEDORA-2010-16622
  • FEDORA-2010-16762
mandriva MDVSA-2010:241
secunia
  • 42048
  • 42054
vupen
  • ADV-2010-2848
  • ADV-2010-2898
  • ADV-2010-3060
Last major update 10-12-2010 - 01:46
Published 05-11-2010 - 13:00