Local Privilege Escalation Vulnerability in Dropbox by Dropbox, Inc.
CVE-2010-3354

Currently unrated

Key Information:

Vendor: Dropbox
Status: Dropbox
Vendor: CVE Published:; 20 October 2010

What is CVE-2010-3354?

In Dropbox version 0.7.110, the dropboxd process improperly handles zero-length directory names within the LD_LIBRARY_PATH environment variable. This flaw could be exploited by local users to gain elevated privileges through the loading of a malicious shared library located in the current working directory. This vulnerability highlights critical issues related to user permissions and the management of shared libraries.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598287

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 20, 2010