CVE-2010-3375 – CVE-2010-3375 is an insecure library loading vu... (How to Fix)

📋 TL;DR

CVE-2010-3375 is an insecure library loading vulnerability in qtparted that allows attackers to execute arbitrary code by loading malicious libraries from untrusted directories. This affects systems running vulnerable versions of qtparted, typically on Linux distributions. The vulnerability stems from improper handling of library search paths.

💻 Affected Systems

Products:

qtparted

Versions: Versions prior to 0.4.5-7.1 (Debian/Ubuntu patches)

Operating Systems: Linux distributions including Debian, Ubuntu

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability requires local access to execute qtparted or influence its library loading behavior.

📦 What is this software?

Qtparted by Qtparted Project

View all CVEs affecting Qtparted →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with root privileges, allowing complete control over the affected system, data theft, and lateral movement.

🟠

Likely Case

Local privilege escalation or arbitrary code execution with the privileges of the user running qtparted.

🟢

If Mitigated

Limited impact if proper access controls restrict untrusted users from executing qtparted or modifying library paths.

🌐 Internet-Facing: LOW - qtparted is typically a local partition management tool not exposed to the internet.

🏢 Internal Only: MEDIUM - Risk exists if untrusted local users can execute qtparted or influence library loading paths.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires local access and ability to place malicious libraries in directories qtparted searches. No authentication bypass needed beyond local user access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: qtparted 0.4.5-7.1 (Debian/Ubuntu) or later

Vendor Advisory: https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-3375.html

Restart Required: No

Instructions:

1. Update system packages: sudo apt-get update && sudo apt-get upgrade
2. Specifically update qtparted: sudo apt-get install --only-upgrade qtparted
3. Verify installation with: dpkg -l | grep qtparted

🔧 Temporary Workarounds

Remove qtparted

linux

Uninstall qtparted if not needed to eliminate the attack surface.

sudo apt-get remove qtparted

Restrict execution permissions

linux

Limit qtparted execution to trusted users only using filesystem permissions.

sudo chmod 750 /usr/sbin/qtparted
sudo chown root:trustedgroup /usr/sbin/qtparted

🧯 If You Can't Patch

Remove qtparted package entirely if partition management functionality is not required.
Implement strict access controls to prevent untrusted users from executing qtparted or modifying library search paths.

🔍 How to Verify

Check if Vulnerable:

Check qtparted version: dpkg -l | grep qtparted. If version is earlier than 0.4.5-7.1, system is vulnerable.

Check Version:

dpkg -l | grep qtparted

Verify Fix Applied:

Confirm qtparted version is 0.4.5-7.1 or later: dpkg -l | grep qtparted

📡 Detection & Monitoring

Log Indicators:

Unusual library loading errors in system logs
Execution of qtparted by non-privileged users

Network Indicators:

Typically none - this is a local exploitation vulnerability

SIEM Query:

process_name='qtparted' AND user NOT IN ('root', 'trusted_users')

📊 Metadata

CVE ID: CVE-2010-3375

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-20

Published: October 29, 2019

Last Updated: November 21, 2024

🔗 References

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598301 Third Party Advisory
https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-3375.html Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2010-3375 Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598301 Third Party Advisory
https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-3375.html Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2010-3375 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2010-3375, you might also want to check these: