CVE-2010-4005

Published: Nov 6, 2010Modified: Apr 29, 2026

6.9

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 3.4 / Impact: 10.0

Source: NVD

Description

The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: vector 1 exists because of an incorrect fix for CVE-2005-4790.2.

Affected (5)

Products: Gnome: Tomboy

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Gnome Tomboy	Up to 1.5.2
Gnome Tomboy	Version 1.0.1
Gnome Tomboy	Version 1.2.2
Gnome Tomboy	Version 1.4.2
Gnome Tomboy	Version 1.5.1

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (8)

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2011:035

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2011/0457

Source: cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=644606

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2011:035

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0457

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=644606

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.