Lucene search

JpcertCVE-2010-3164

HistoryOct 25, 2010 - 8:01 p.m.

CVE-2010-3164

2010-10-2520:01:03

jpcert

web.nvd.nist.gov

cve-2010-3164

untrusted search path

fenrir sleipnir

grani

vulnerability

privilege escalation

trojan horse executable

nvd

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.6

Confidence

Low

EPSS

Percentile

5.1%

JSON

Untrusted search path vulnerability in Fenrir Sleipnir 2.9.4 and earlier and Grani 4.3 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory.

Affected configurations

Nvd

Node

fenrirsleipnirRange≤2.9.4

fenrirsleipnirMatch2.5.0

fenrirsleipnirMatch2.5.1

fenrirsleipnirMatch2.5.2

fenrirsleipnirMatch2.5.3

fenrirsleipnirMatch2.5.4

fenrirsleipnirMatch2.5.5

fenrirsleipnirMatch2.5.6

fenrirsleipnirMatch2.5.7

fenrirsleipnirMatch2.5.8

fenrirsleipnirMatch2.5.9

fenrirsleipnirMatch2.5.10

fenrirsleipnirMatch2.5.11

fenrirsleipnirMatch2.5.12

fenrirsleipnirMatch2.5.13

fenrirsleipnirMatch2.5.14

fenrirsleipnirMatch2.5.15

fenrirsleipnirMatch2.5.16

fenrirsleipnirMatch2.5.17

fenrirsleipnirMatch2.6.0

fenrirsleipnirMatch2.6.1

fenrirsleipnirMatch2.6.2

fenrirsleipnirMatch2.7.0

fenrirsleipnirMatch2.7.1

fenrirsleipnirMatch2.7.1r2

fenrirsleipnirMatch2.7.2

fenrirsleipnirMatch2.8

fenrirsleipnirMatch2.8.2

fenrirsleipnirMatch2.8.3

fenrirsleipnirMatch2.8.4

fenrirsleipnirMatch2.8.5

fenrirsleipnirMatch2.9

fenrirsleipnirMatch2.9.1

fenrirsleipnirMatch2.9.2

fenrirsleipnirMatch2.9.3

Node

fenrirgraniRange≤4.3

fenrirgraniMatch3.0

fenrirgraniMatch3.1

fenrirgraniMatch3.2

fenrirgraniMatch3.5

fenrirgraniMatch4.0

fenrirgraniMatch4.1

fenrirgraniMatch4.2

VendorProductVersionCPE
fenrirsleipnir*cpe:2.3:a:fenrir:sleipnir:*:*:*:*:*:*:*:*
fenrirsleipnir2.5.0cpe:2.3:a:fenrir:sleipnir:2.5.0:*:*:*:*:*:*:*
fenrirsleipnir2.5.1cpe:2.3:a:fenrir:sleipnir:2.5.1:*:*:*:*:*:*:*
fenrirsleipnir2.5.2cpe:2.3:a:fenrir:sleipnir:2.5.2:*:*:*:*:*:*:*
fenrirsleipnir2.5.3cpe:2.3:a:fenrir:sleipnir:2.5.3:*:*:*:*:*:*:*
fenrirsleipnir2.5.4cpe:2.3:a:fenrir:sleipnir:2.5.4:*:*:*:*:*:*:*
fenrirsleipnir2.5.5cpe:2.3:a:fenrir:sleipnir:2.5.5:*:*:*:*:*:*:*
fenrirsleipnir2.5.6cpe:2.3:a:fenrir:sleipnir:2.5.6:*:*:*:*:*:*:*
fenrirsleipnir2.5.7cpe:2.3:a:fenrir:sleipnir:2.5.7:*:*:*:*:*:*:*
fenrirsleipnir2.5.8cpe:2.3:a:fenrir:sleipnir:2.5.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fenrir	sleipnir	*	cpe:2.3:a:fenrir:sleipnir::::::::
fenrir	sleipnir	2.5.0	cpe:2.3:a:fenrir:sleipnir:2.5.0:::::::*
fenrir	sleipnir	2.5.1	cpe:2.3:a:fenrir:sleipnir:2.5.1:::::::*
fenrir	sleipnir	2.5.2	cpe:2.3:a:fenrir:sleipnir:2.5.2:::::::*
fenrir	sleipnir	2.5.3	cpe:2.3:a:fenrir:sleipnir:2.5.3:::::::*
fenrir	sleipnir	2.5.4	cpe:2.3:a:fenrir:sleipnir:2.5.4:::::::*
fenrir	sleipnir	2.5.5	cpe:2.3:a:fenrir:sleipnir:2.5.5:::::::*
fenrir	sleipnir	2.5.6	cpe:2.3:a:fenrir:sleipnir:2.5.6:::::::*
fenrir	sleipnir	2.5.7	cpe:2.3:a:fenrir:sleipnir:2.5.7:::::::*
fenrir	sleipnir	2.5.8	cpe:2.3:a:fenrir:sleipnir:2.5.8:::::::*

Rows per page:

1-10 of 431

References

jvn.jp/en/jp/JVN89272705/index.html

jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000048.html

www.fenrir.co.jp/blog/2010/10/sleipnirsleipnir_295.html

www.fenrir.co.jp/grani/note.html

exchange.xforce.ibmcloud.com/vulnerabilities/64435

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.6

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2010-3164