Unrated severityNVD Advisory· Published Oct 20, 2010· Updated Jun 16, 2026
CVE-2010-3387
CVE-2010-3387
Description
vdrleaktest in Video Disk Recorder (VDR) 1.6.0 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: a third party disputes this issue because the script erroneously uses a semicolon in a context where a colon was intended
Affected products
2- Range: =1.6.0
Patches
Vulnerability mechanics
References
1- bugs.debian.org/cgi-bin/bugreport.cginvdExploitPatch
News mentions
0No linked articles in our index yet.