Vulnerability in Apache CouchDB
CVE-2010-2953
Untrusted search path vulnerability in a certain Debian GNU/Linux patch for the couchdb script in CouchDB 0.8.0 allows local users to gain privileges via a crafted shared library in the current working directory.
EPSS: 0.001 (34.8th percentile)
Affected products
- Apache CouchDB — versions 0.8.0
References
- secalert@redhat.com (x_refsource_MISC)
- ADV-2010-2341 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
- 41383 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- 42758 (vdb-entry, x_refsource_BID)
- [oss-security] 20100829 Hardening the linker (was Re: CVE request: CouchDB insecure library loading (Debian/Ubuntu only)) (mailing-list, x_refsource_MLIST)
- [oss-security] 20100826 Re: CVE request: CouchDB insecure library loading (Debian/Ubuntu only) (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (x_refsource_CONFIRM)
- [oss-security] 20100825 CVE request: CouchDB insecure library loading (Debian/Ubuntu only) (mailing-list, x_refsource_MLIST)
- DSA-2107 (vendor-advisory, x_refsource_DEBIAN)