Gentoo Linux Security Advisory GLSA 200711-12 - Jan Oravec reported that the /usr/bin/tomboy script sets the LD_LIBRARY_PATH environment variable incorrectly, which might result in the current working directory (.) to be included when searching for dynamically linked libraries of the Mono Runtime application. Versions less than 0.8.1-r1 are affected.
f8bda11dcc30f436bbd2cba1aad856429dbb9a8ee0aa970c796cc837a1add317
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200711-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Tomboy: User-assisted execution of arbitrary code
Date: November 08, 2007
Bugs: #189249
ID: 200711-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Tomboy doesn't properly handle environment variables, potentially
allowing a local attacker to execute arbitrary code.
Background
==========
Tomboy is a GTK-based desktop note-taking application written in C# and
the Mono C#.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-misc/tomboy < 0.8.1-r1 >= 0.8.1-r1
Description
===========
Jan Oravec reported that the "/usr/bin/tomboy" script sets the
"LD_LIBRARY_PATH" environment variable incorrectly, which might result
in the current working directory (.) to be included when searching for
dynamically linked libraries of the Mono Runtime application.
Impact
======
A local attacker could entice a user into running Tomboy in a directory
containing a specially crafted library file to execute arbitrary code
with the privileges of the user running Tomboy.
Workaround
==========
Do not run Tomboy from an untrusted working directory.
Resolution
==========
All Tomboy users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-misc/tomboy-0.8.1-r1"
References
==========
[ 1 ] CVE-2005-4790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4790
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200711-12.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHM2ejuhJ+ozIKI5gRArn0AKCHGvQMfReygx+CNJswcgHC5ZLT/QCdGyyf
HMULjLPDCYXxaJG4YGh5hU8=
=SZnY
-----END PGP SIGNATURE-----