Published: 14/09/2010 Updated: 14/09/2010

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

VMScore: 614

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Untrusted search path vulnerability in a certain Debian GNU/Linux patch for the couchdb script in CouchDB 0.8.0 allows local users to gain privileges via a crafted shared library in the current working directory.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache couchdb 0.8.0

Dan Rosenberg discovered that in couchdb, a distributed, fault-tolerant and schema-free document-oriented database, an insecure library search path is used A local attacker could execute arbitrary code by first dumping a maliciously crafted shared library in some directory, and then having an administrator run couchdb from this same directory For ...

NVD-CWE-Other http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594412 http://www.debian.org/security/2010/dsa-2107 http://www.vupen.com/english/advisories/2010/2341 http://www.openwall.com/lists/oss-security/2010/08/25/7 http://www.openwall.com/lists/oss-security/2010/08/26/5 http://www.nth-dimension.org.uk/blog.php?id=87 http://www.securityfocus.com/bid/42758 http://secunia.com/advisories/41383 http://www.openwall.com/lists/oss-security/2010/08/26/1 http://www.openwall.com/lists/oss-security/2010/08/29/4 https://nvd.nist.gov https://www.debian.org/security/./dsa-2107

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-2953

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect