Red Hat Security Advisory 2011-1580-03 - The resource-agents package contains a set of scripts to interface with several services to operate in a High Availability environment for both Pacemaker and rgmanager service managers. It was discovered that certain resource agent scripts set the LD_LIBRARY_PATH environment variable to an insecure value containing empty path elements. A local user able to trick a user running those scripts to run them while working from an attacker-writable directory could use this flaw to escalate their privileges via a specially-crafted dynamic library.
76b9d260e2212ac0676410bf96ddadbac1b1f6a01a5448c80f8bb5634a12d824