CVE-2010-3384
published 2010-10-20CVE-2010-3384: The (1) torcs, (2) nfsperf, (3) accc, (4) texmapper, (5) trackgen, and (6) nfs2ac scripts in TORCS 1.3.1 place a zero-length directory name in the…
PriorityP420medium6.9CVSS 2.0
AVLACMAuNCCICAC
EPSS
0.38%
30.0th percentile
The (1) torcs, (2) nfsperf, (3) accc, (4) texmapper, (5) trackgen, and (6) nfs2ac scripts in TORCS 1.3.1 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bernhard_wymann | torcs | — | — |
| bernhard_wymann | torcs | >= 0 < 1.3.1-5 | 1.3.1-5 |
| bernhard_wymann | torcs | >= 0 < 1.3.1-5 | 1.3.1-5 |
| bernhard_wymann | torcs | >= 0 < 1.3.1-5 | 1.3.1-5 |
| bernhard_wymann | torcs | >= 0 < 1.3.1-5 | 1.3.1-5 |
| debian | torcs | < torcs 1.3.1-5 (bookworm) | torcs 1.3.1-5 (bookworm) |
CVSS provenance
nvdv2.06.9MEDIUMAV:L/AC:M/Au:N/C:C/I:C/A:C
osv6.9MEDIUM
vendor_debian6.9MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2010-3384: torcs - The (1) torcs, (2) nfsperf, (3) accc, (4) texmapper, (5) trackgen, and (6) nfs2a...
vendor_debian·2010·CVSS 6.9
CVE-2010-3384 [MEDIUM] CVE-2010-3384: torcs - The (1) torcs, (2) nfsperf, (3) accc, (4) texmapper, (5) trackgen, and (6) nfs2a...
The (1) torcs, (2) nfsperf, (3) accc, (4) texmapper, (5) trackgen, and (6) nfs2ac scripts in TORCS 1.3.1 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Scope: local
bookworm: resolved (fixed in 1.3.1-5)
bullseye: resolved (fixed in 1.3.1-5)
forky: resolved (fixed in 1.3.1-5)
sid: resolved (fixed in 1.3.1-5)
trixie: resolved (fixed in 1.3.1-5)
GHSA
GHSA-5pvx-gc3m-qw38: The (1) torcs, (2) nfsperf, (3) accc, (4) texmapper, (5) trackgen, and (6) nfs2ac scripts in TORCS 1
ghsa_unreviewed·2022-05-17
CVE-2010-3384 [MEDIUM] GHSA-5pvx-gc3m-qw38: The (1) torcs, (2) nfsperf, (3) accc, (4) texmapper, (5) trackgen, and (6) nfs2ac scripts in TORCS 1
The (1) torcs, (2) nfsperf, (3) accc, (4) texmapper, (5) trackgen, and (6) nfs2ac scripts in TORCS 1.3.1 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
OSV
CVE-2010-3384: The (1) torcs, (2) nfsperf, (3) accc, (4) texmapper, (5) trackgen, and (6) nfs2ac scripts in TORCS 1
osv·2010-10-20·CVSS 6.9
CVE-2010-3384 [MEDIUM] CVE-2010-3384: The (1) torcs, (2) nfsperf, (3) accc, (4) texmapper, (5) trackgen, and (6) nfs2ac scripts in TORCS 1
The (1) torcs, (2) nfsperf, (3) accc, (4) texmapper, (5) trackgen, and (6) nfs2ac scripts in TORCS 1.3.1 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2010-3384 torcs: insecure library loading vulnerability
bugzilla·2010-09-28·CVSS 6.9
CVE-2010-3384 [MEDIUM] CVE-2010-3384 torcs: insecure library loading vulnerability
CVE-2010-3384 torcs: insecure library loading vulnerability
Raphael Geissert conducted a review of various packages in Debian and found that torcs contained numerous scripts that could be abused by an attacker to execute arbitrary code [1].
The vulnerability is due to an insecure change to LD_LIBRARY_PATH, and environment variable used by ld.so(8) to look for libraries in directories other than the standard paths. When there is an empty item in the colon-separated list of directories in LD_LIBRARY_PATH, ld.so(8) treats it as a '.' (current working directory). If the given script is executed from a directory where a local attacker could write files, there is a chance for exploitation.
In Fedora, /usr/bin/{acc,nfs2ac,nfsperf,texmapper,torcs,trackgen} all re-set LD_LIBRARY_PATH insecurely:
Bugzilla
CVE-2010-3384 torcs: insecure library loading vulnerability [fedora-all]
bugzilla·2010-09-28·CVSS 6.9
CVE-2010-3384 [MEDIUM] CVE-2010-3384 torcs: insecure library loading vulnerability [fedora-all]
CVE-2010-3384 torcs: insecure library loading vulnerability [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=638391
Please note: this issue affects multiple s
2010-10-20
Published