Untrusted Search Path Vulnerability in CouchDB by Debian
CVE-2010-2953

Currently unrated

Key Information:

Vendor: Apache
Status: Couchdb
Vendor: CVE Published:; 14 September 2010

Summary

A vulnerability exists in the CouchDB script provided by Debian GNU/Linux, where an untrusted search path is exploited by local users. This flaw allows attackers to gain elevated privileges by placing a malicious shared library in the current working directory, which is then executed by the script. Users of CouchDB 0.8.0 should take immediate action to mitigate the risk of unauthorized privilege escalation.

References

http://www.nth-dimension.org.uk/blog.php?id=87

x_refsource_MISC

http://www.vupen.com/english/advisories/2010/2341

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/41383

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Sep 14, 2010
Vulnerability Reserved
Aug 4, 2010