CVE-2010-3378

Name: CVE-2010-3378
Description: The (1) scilab, (2) scilab-cli, and (3) scilab-adv-cli scripts in Scilab 5.2.2 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 598422, 598423

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| scilab (PTS) | jessie | 5.5.1-7 | fixed |
| | stretch (security), stretch (lts), stretch | 5.5.2-4+deb9u1 | fixed |
| | buster | 6.0.1-10+deb10u1 | fixed |
| | bullseye | 6.1.0+dfsg1-7 | fixed |
| | bookworm | 6.1.1+dfsg2-6 | fixed |
| | sid, trixie | 2024.1.0+dfsg-6 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| scilab | source | (unstable) | 5.2.2-8 | | | 598422, 598423 |

Notes

[lenny] - scilab <no-dsa> (Non-free not supported)
