CVE-2010-3377 in Salome
Summary
by MITRE
The (1) runSalome, (2) runTestMedCorba, (3) runLightSalome, and (4) hxx2salome scripts in SALOME 5.1.3 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 02/07/2019
The vulnerability described in CVE-2010-3377 affects the SALOME 5.1.3 software suite, specifically targeting four critical scripts including runSalome, runTestMedCorba, runLightSalome, and hxx2salome. This issue represents a classic privilege escalation vulnerability that exploits improper environment variable handling within the software's execution framework. The flaw manifests when these scripts configure the LD_LIBRARY_PATH environment variable by including a zero-length directory name, creating a dangerous condition that can be exploited by local attackers to execute malicious code with elevated privileges.
The technical implementation of this vulnerability stems from the way the scripts construct the LD_LIBRARY_PATH variable during program initialization. When a zero-length directory name is included in this environment variable, it effectively creates an implicit reference to the current working directory. This occurs because the dynamic linker interprets empty directory entries as meaning "search in the current directory" rather than "search in no directory." The vulnerability is classified under CWE-428, which addresses "Imprecise Search Path" or "Unquoted Search Path" conditions in software development. This weakness specifically enables attackers to manipulate the library loading process through directory traversal techniques.
The operational impact of this vulnerability is significant for systems running SALOME 5.1.3, particularly in environments where users may have access to the system's working directories. Attackers can place a malicious shared library file in the current working directory and execute it with the privileges of the user running the SALOME scripts. This creates a privilege escalation scenario where a local attacker can gain elevated system access without requiring additional authentication or exploitation techniques. The attack vector is particularly concerning because it leverages legitimate system functionality rather than requiring complex exploit chains, making it both accessible and dangerous.
Security professionals should consider this vulnerability in the context of the MITRE ATT&CK framework, specifically mapping it to techniques involving privilege escalation and execution through environment variables. The vulnerability demonstrates how improper handling of system environment variables can create persistent security weaknesses that affect multiple applications within a system. Organizations should implement immediate mitigations including updating to patched versions of SALOME, reviewing script configurations to eliminate zero-length directory entries in LD_LIBRARY_PATH, and implementing proper privilege separation mechanisms. Additionally, system administrators should monitor for unauthorized library files in working directories and consider implementing stricter file system permissions to prevent malicious library placement in critical execution paths.