CVE-2010-3998

NameCVE-2010-3998
DescriptionThe (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: Banshee might also be affected using GST_PLUGIN_PATH.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs605095

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
banshee (PTS)jessie2.6.2-3fixed
stretch2.6.2-6.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bansheesource(unstable)1.6.1-1.1605095

Notes

[lenny] - banshee <no-dsa> (Minor issue)
Search for package or bug name: Reporting problems