what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2005-4790

Status Candidate

Overview

Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in August 2007, the tomboy vector was reported for other distributions.

Related Files

Mandriva Linux Security Advisory 2008-064
Posted Mar 12, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A flaw in how tomboy handles LD_LIBRARY_PATH was discovered where by appending paths to LD_LIBRARY_PATH the program would also search the current directory for shared libraries. In directories containing network data, those libraries could be injected into the application.

tags | advisory
systems | linux, mandriva
advisories | CVE-2005-4790
SHA-256 | 3344f62b9cd92658b0f5784495d5ca01a5252b0fb139aef56d3711d6e64c80e2
Gentoo Linux Security Advisory 200801-14
Posted Jan 28, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200801-14 - The /usr/bin/blam script sets the LD_LIBRARY_PATH environment variable incorrectly, which might result in the current working directory (.) being included when searching for dynamically linked libraries of the Mono Runtime application. Versions less than 1.8.4 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2005-4790
SHA-256 | 3f5369e615881d85093c15e888233ac85ef3a385dfde99e2e089ccce89737027
Ubuntu Security Notice 560-1
Posted Jan 8, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 560-1 - Jan Oravec discovered that Tomboy did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2005-4790
SHA-256 | 232ac33c0b1ecabcabbfb7e07d463a43483a52bf13d409297c7a475feb425000
Gentoo Linux Security Advisory 200711-12
Posted Nov 8, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200711-12 - Jan Oravec reported that the /usr/bin/tomboy script sets the LD_LIBRARY_PATH environment variable incorrectly, which might result in the current working directory (.) to be included when searching for dynamically linked libraries of the Mono Runtime application. Versions less than 0.8.1-r1 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2005-4790
SHA-256 | f8bda11dcc30f436bbd2cba1aad856429dbb9a8ee0aa970c796cc837a1add317
Page 1 of 1
Back1Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close