Vulnerability Details : CVE-2010-3999


CVE Name: CVE-2010-3999: Privilege Escalation vulnerability on Gnucash Gnucash
Description: gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Publish date: 2010-11-05T17:00Z
Last Update: 2010-12-10T06:46Z

CVSS Scores & Vulnerability Types


CVSS Score
Confidentiality ImpactCOMPLETE
Integrity ImpactCOMPLETE
Availability ImpactCOMPLETE
Actack VectorLOCAL
Actack ComplexityMEDIUM
Privileges RequiredNONE
User InteractionRequired
ScopeNo info
Vulnerability Type(s)Privilege Escalation
CWE IDN/I

Products Affected By CVE-2010-3999


# Vendor Product Vulnerable Versions
1 Gnucash Gnucash 31

Detail of Verions Affected


# Product Type Vendor Product Version
1 Application Gnucash Gnucash 2.3.11
2 Application Gnucash Gnucash 2.3.10
3 Application Gnucash Gnucash 2.3.9
4 Application Gnucash Gnucash 2.3.2
5 Application Gnucash Gnucash 2.3.1
6 Application Gnucash Gnucash 2.2.4
7 Application Gnucash Gnucash 2.2.3
8 Application Gnucash Gnucash 1.8.4
9 Application Gnucash Gnucash 1.8.3
10 Application Gnucash Gnucash *
11 Application Gnucash Gnucash 2.3.8
12 Application Gnucash Gnucash 2.3.7
13 Application Gnucash Gnucash 2.3.0
14 Application Gnucash Gnucash 2.2.9
15 Application Gnucash Gnucash 2.2.2
16 Application Gnucash Gnucash 2.2.1
17 Application Gnucash Gnucash 2.3.14
18 Application Gnucash Gnucash 2.3.6
19 Application Gnucash Gnucash 2.3.5
20 Application Gnucash Gnucash 2.2.8
21 Application Gnucash Gnucash 2.2.7
22 Application Gnucash Gnucash 2.2.0
23 Application Gnucash Gnucash 2.0.1
24 Application Gnucash Gnucash 2.3.13
25 Application Gnucash Gnucash 2.3.12
26 Application Gnucash Gnucash 2.3.4
27 Application Gnucash Gnucash 2.3.3
28 Application Gnucash Gnucash 2.2.6
29 Application Gnucash Gnucash 2.2.5
30 Application Gnucash Gnucash 2.0.0
31 Application Gnucash Gnucash 1.8.5