Local User Vulnerability in Gargoyle-Free by Debian
CVE-2010-3359

4.8MEDIUM

Key Information:

Vendor: Gargoyle Project
Status: Gargoyle
Vendor: CVE Published:; 12 November 2019

🔔 Create Gargoyle Project Vulnerability Alert

What is CVE-2010-3359?

A vulnerability in Gargoyle-Free prior to August 25, 2009, occurs when the LD_LIBRARY_PATH environment variable is not defined. This situation allows a local user to create a malicious library (libgarglk.so) in the current directory. If another user inadvertently runs Gargoyle-Free in this directory, the malicious library will be executed, potentially granting the local user unauthorized access to the victim's account and sensitive data.

References

https://security-tracker.debian.org/tracker/CVE-2010-3359

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2019
Vulnerability Reserved
Sep 15, 2010

JSON