Candidate: CVE-2010-3389
PublicDate: 2010-10-20 18:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3389
Description:
 The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka
 resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length
 directory name in the LD_LIBRARY_PATH, which allows local users to gain
 privileges via a Trojan horse shared library in the current working
 directory.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_cluster-agents:
 vendor: https://rhn.redhat.com/errata/RHSA-2011-1000.html
upstream_cluster-agents: released (1.0.4)
dapper_cluster-agents: DNE
hardy_cluster-agents: DNE
jaunty_cluster-agents: DNE
karmic_cluster-agents: DNE
lucid_cluster-agents: ignored (reached end-of-life)
maverick_cluster-agents: ignored (reached end-of-life)
natty_cluster-agents: ignored (reached end-of-life)
oneiric_cluster-agents: ignored (reached end-of-life)
precise_cluster-agents: not-affected (1:1.0.4-0ubuntu1)
quantal_cluster-agents: ignored (reached end-of-life)
raring_cluster-agents: ignored (reached end-of-life)
saucy_cluster-agents: ignored (reached end-of-life)
trusty_cluster-agents: not-affected (1:1.0.4-0ubuntu1)
trusty/esm_cluster-agents: DNE (trusty was not-affected [1:1.0.4-0ubuntu1])
devel_cluster-agents: not-affected (1:1.0.4-0ubuntu1)