CVE-2010-3384 Information

Description

The (1) torcs (2) nfsperf (3) accc (4) texmapper (5) trackgen and (6) nfs2ac scripts in TORCS 1.3.1 place a zero-length directory name in the LD_LIBRARY_PATH which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598306