CVE-2005-4790
CVSS6.9
发布时间 :2005-12-31 00:00:00
修订时间 :2010-11-11 00:00:00
NMCOPS    

[原文]Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in August 2007, the tomboy vector was reported for other distributions.


[CNNVD]Tomboy LD_LIBRARY_PATH环境变量本地权限提升漏洞(CNNVD-200512-852)

        Tomboy是Linux和Unix平台上的桌面记事本程序。
        Tomboy在处理环境变量时存在漏洞,本地攻击者可能利用此漏洞提升自己的权限。
        app-misc/tomboy文件的/usr/bin/tomboy 脚本包含有以下行:
        export LD_LIBRARY_PATH="/usr/lib64/tomboy:$LD_LIBRARY_PATH"
        该行将环境变量LD_LIBRARY_PATH设置为/usr/lib64/tomboy,也就是在当前目录中也可以查询必需的函数库,在tomboy中通常为用户的主目录。但用户也可以从/tmp之类的目录运行应用程序,因此如果攻击者将伪造的系统函数库拷贝到了这个目录下的话,用户就可能运行攻击者所提供的指令。

- CVSS (基础分值)

CVSS分值: 6.9 [中等(MEDIUM)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: MEDIUM [漏洞利用存在一定的访问条件]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:suse:suse_linux:9.3SuSE SuSE Linux 9.3
cpe:/o:suse:suse_linux:10.0

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4790
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4790
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200512-852
(官方数据源) CNNVD

- 其它链接及资源

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00913.html
(UNKNOWN)  FEDORA  FEDORA-2007-3792
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00206.html
(UNKNOWN)  FEDORA  FEDORA-2007-3011
https://bugzilla.redhat.com/show_bug.cgi?id=362941
(UNKNOWN)  CONFIRM  https://bugzilla.redhat.com/show_bug.cgi?id=362941
https://bugzilla.gnome.org/show_bug.cgi?id=485224
(UNKNOWN)  CONFIRM  https://bugzilla.gnome.org/show_bug.cgi?id=485224
http://xforce.iss.net/xforce/xfdb/36054
(UNKNOWN)  XF  tomboy-ldlibrarypath-privilege-escalation(36054)
http://www.ubuntulinux.org/support/documentation/usn/usn-560-1
(UNKNOWN)  UBUNTU  USN-560-1
http://www.securityfocus.com/bid/25341
(UNKNOWN)  BID  25341
http://www.novell.com/linux/security/advisories/2005_22_sr.html
(VENDOR_ADVISORY)  SUSE  SUSE-SR:2005:022
http://www.mandriva.com/security/advisories?name=MDVSA-2008:064
(UNKNOWN)  MANDRIVA  MDVSA-2008:064
http://security.gentoo.org/glsa/glsa-200801-14.xml
(UNKNOWN)  GENTOO  GLSA-200801-14
http://security.gentoo.org/glsa/glsa-200711-12.xml
(UNKNOWN)  GENTOO  GLSA-200711-12
http://secunia.com/advisories/28672
(VENDOR_ADVISORY)  SECUNIA  28672
http://secunia.com/advisories/28339
(VENDOR_ADVISORY)  SECUNIA  28339
http://secunia.com/advisories/27799
(VENDOR_ADVISORY)  SECUNIA  27799
http://secunia.com/advisories/27621
(VENDOR_ADVISORY)  SECUNIA  27621
http://secunia.com/advisories/27608
(VENDOR_ADVISORY)  SECUNIA  27608
http://secunia.com/advisories/26480
(VENDOR_ADVISORY)  SECUNIA  26480
http://osvdb.org/39578
(UNKNOWN)  OSVDB  39578
http://osvdb.org/39577
(UNKNOWN)  OSVDB  39577
http://bugs.gentoo.org/show_bug.cgi?id=199841
(UNKNOWN)  CONFIRM  http://bugs.gentoo.org/show_bug.cgi?id=199841
http://bugs.gentoo.org/show_bug.cgi?id=189249
(UNKNOWN)  CONFIRM  http://bugs.gentoo.org/show_bug.cgi?id=189249
http://bugs.gentoo.org/show_bug.cgi?id=188806
(UNKNOWN)  MISC  http://bugs.gentoo.org/show_bug.cgi?id=188806

- 漏洞信息

Tomboy LD_LIBRARY_PATH环境变量本地权限提升漏洞
中危 其他
2005-12-31 00:00:00 2009-08-07 00:00:00
本地  
        Tomboy是Linux和Unix平台上的桌面记事本程序。
        Tomboy在处理环境变量时存在漏洞,本地攻击者可能利用此漏洞提升自己的权限。
        app-misc/tomboy文件的/usr/bin/tomboy 脚本包含有以下行:
        export LD_LIBRARY_PATH="/usr/lib64/tomboy:$LD_LIBRARY_PATH"
        该行将环境变量LD_LIBRARY_PATH设置为/usr/lib64/tomboy,也就是在当前目录中也可以查询必需的函数库,在tomboy中通常为用户的主目录。但用户也可以从/tmp之类的目录运行应用程序,因此如果攻击者将伪造的系统函数库拷贝到了这个目录下的话,用户就可能运行攻击者所提供的指令。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        http://security.gentoo.org/glsa/glsa-200711-12.xml

- 漏洞信息 (F64433)

Mandriva Linux Security Advisory 2008-064 (PacketStormID:F64433)
2008-03-12 00:00:00
Mandriva  mandriva.com
advisory
linux,mandriva
CVE-2005-4790
[点击下载]

Mandriva Linux Security Advisory - A flaw in how tomboy handles LD_LIBRARY_PATH was discovered where by appending paths to LD_LIBRARY_PATH the program would also search the current directory for shared libraries. In directories containing network data, those libraries could be injected into the application.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:064
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : tomboy
 Date    : March 7, 2008
 Affected: 2007.1, 2008.0
 _______________________________________________________________________
 
 Problem Description:
 
 A flaw in how tomboy handles LD_LIBRARY_PATH was discovered where by
 appending paths to LD_LIBRARY_PATH the program would also search the
 current directory for shared libraries.  In directories containing
 network data, those libraries could be injected into the application.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4790
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.1:
 e4fec795476776d6cdeb2b875dde8c17  2007.1/i586/tomboy-0.6.1-3.1mdv2007.1.i586.rpm 
 b3f45b1dfc59d49c770529b1d2458c61  2007.1/SRPMS/tomboy-0.6.1-3.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 a73e1c14a26e577b6306b70ff2084e74  2007.1/x86_64/tomboy-0.6.1-3.1mdv2007.1.x86_64.rpm 
 b3f45b1dfc59d49c770529b1d2458c61  2007.1/SRPMS/tomboy-0.6.1-3.1mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 e200a429f743429bfd741ce9f8c71152  2008.0/i586/tomboy-0.8.0-1.1mdv2008.0.i586.rpm 
 54b18c82a1f0037a94c394a0203cb3bc  2008.0/SRPMS/tomboy-0.8.0-1.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 6698979ccf4f777c5111794f63a82604  2008.0/x86_64/tomboy-0.8.0-1.1mdv2008.0.x86_64.rpm 
 54b18c82a1f0037a94c394a0203cb3bc  2008.0/SRPMS/tomboy-0.8.0-1.1mdv2008.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFH0YOhmqjQ0CJFipgRAgSmAJ9otgdVwjfflVe6jpml6bwdnSEqRQCg47aY
Q2rEjKTOGDGKOt2GK6QFVE4=
=2bbj
-----END PGP SIGNATURE-----
    

- 漏洞信息 (F63021)

Gentoo Linux Security Advisory 200801-14 (PacketStormID:F63021)
2008-01-28 00:00:00
Gentoo  security.gentoo.org
advisory
linux,gentoo
CVE-2005-4790
[点击下载]

Gentoo Linux Security Advisory GLSA 200801-14 - The /usr/bin/blam script sets the LD_LIBRARY_PATH environment variable incorrectly, which might result in the current working directory (.) being included when searching for dynamically linked libraries of the Mono Runtime application. Versions less than 1.8.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200801-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Blam: User-assisted execution of arbitrary code
      Date: January 27, 2008
      Bugs: #199841
        ID: 200801-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Blam doesn't properly handle environment variables, potentially
allowing a local attacker to execute arbitrary code.

Background
==========

Blam is an RSS and Atom feed reader for GNOME written in C#.

Affected packages
=================

    -------------------------------------------------------------------
     Package        /  Vulnerable  /                        Unaffected
    -------------------------------------------------------------------
  1  net-news/blam       < 1.8.4                              >= 1.8.4

Description
===========

The "/usr/bin/blam" script sets the "LD_LIBRARY_PATH" environment
variable incorrectly, which might result in the current working
directory (.) being included when searching for dynamically linked
libraries of the Mono Runtime application.

Impact
======

A local attacker could entice a user to run Blam in a directory
containing a specially crafted library file which could result in the
execution of arbitrary code with the privileges of the user running
Blam.

Workaround
==========

Do not run Blam from an untrusted working directory.

Resolution
==========

All Blam users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-news/blam-1.8.4"

References
==========

  [ 1 ] CVE-2005-4790
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4790

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200801-14.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
    

- 漏洞信息 (F62403)

Ubuntu Security Notice 560-1 (PacketStormID:F62403)
2008-01-08 00:00:00
Ubuntu  security.ubuntu.com
advisory,arbitrary,local
linux,ubuntu
CVE-2005-4790
[点击下载]

Ubuntu Security Notice 560-1 - Jan Oravec discovered that Tomboy did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program.

=========================================================== 
Ubuntu Security Notice USN-560-1           January 07, 2008
tomboy vulnerability
CVE-2005-4790
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  tomboy                          0.3.5-1ubuntu3.1

Ubuntu 6.10:
  tomboy                          0.4.1-0ubuntu3.1

Ubuntu 7.04:
  tomboy                          0.6.3-0ubuntu1.1

Ubuntu 7.10:
  tomboy                          0.8.0-1ubuntu0.1

After a standard system upgrade you need to restart Tomboy to effect
the necessary changes.

Details follow:

Jan Oravec discovered that Tomboy did not properly setup the
LD_LIBRARY_PATH environment variable. A local attacker could
exploit this to execute arbitrary code as the user invoking
the program.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.3.5-1ubuntu3.1.diff.gz
      Size/MD5:    23933 6c9f715503954349ea56aeb86da98da6
    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.3.5-1ubuntu3.1.dsc
      Size/MD5:      887 67368aeea634e7ea85404c08c7203752
    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.3.5.orig.tar.gz
      Size/MD5:   665911 63da1e4c752fa8802b40eb5b4726ff35

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.3.5-1ubuntu3.1_amd64.deb
      Size/MD5:   151414 66f0431f00f2b408d36142573e0ae81a

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.3.5-1ubuntu3.1_i386.deb
      Size/MD5:   148058 20c1fad5297117a6b7a42ce22c542c09

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.3.5-1ubuntu3.1_powerpc.deb
      Size/MD5:   149712 314fdc7e7c09989828f867076f3a9916

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.3.5-1ubuntu3.1_sparc.deb
      Size/MD5:   148738 b966585a564a3a8485195ebc445c8811

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.4.1-0ubuntu3.1.diff.gz
      Size/MD5:     7320 9ee233ef334cd4df7ed06ca10f66a29f
    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.4.1-0ubuntu3.1.dsc
      Size/MD5:      921 663cff08a633aea0a39432269e702bb5
    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.4.1.orig.tar.gz
      Size/MD5:   937041 7e9ab15b8c799d265676173f8a8de7ce

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.4.1-0ubuntu3.1_amd64.deb
      Size/MD5:   425900 4e7c700e7997cd0ea9c125d907765b47

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.4.1-0ubuntu3.1_i386.deb
      Size/MD5:   423536 2233018b7964415d4d92f2226cceacae

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.4.1-0ubuntu3.1_powerpc.deb
      Size/MD5:   424412 0658a6b6650b43cca494c6c54bc36a7c

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.4.1-0ubuntu3.1_sparc.deb
      Size/MD5:   422726 279345713a6a1a2aad6f94ba95926a0e

Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.6.3-0ubuntu1.1.diff.gz
      Size/MD5:    14285 c99ec66159af23c7c8bf0b34034c010a
    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.6.3-0ubuntu1.1.dsc
      Size/MD5:     1142 f7be2cce138282dcadee5df308b756ae
    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.6.3.orig.tar.gz
      Size/MD5:  1878094 566af33c4956e05512a57ae7a63c849f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.6.3-0ubuntu1.1_amd64.deb
      Size/MD5:  1198448 78c9f1957ebe8496234fb583ed577909

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.6.3-0ubuntu1.1_i386.deb
      Size/MD5:  1196104 542d2466b008e9e258dc1cb4375a06f4

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.6.3-0ubuntu1.1_powerpc.deb
      Size/MD5:  1200260 58b6d75c2db39bb929f5e1566bee9462

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.6.3-0ubuntu1.1_sparc.deb
      Size/MD5:  1195606 8b2cce4383671a94d02f81f3492cf9f4

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.8.0-1ubuntu0.1.diff.gz
      Size/MD5:    12763 2c560717c1a85b755c88a868a9ae541c
    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.8.0-1ubuntu0.1.dsc
      Size/MD5:     1070 4c87625903828c6a5405f75e1a9f4501
    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.8.0.orig.tar.gz
      Size/MD5:  2535671 28cf74d74090c7479c5716d8cbe6ed6a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.8.0-1ubuntu0.1_amd64.deb
      Size/MD5:  2392716 7f03c42d8f7f06c413ea1e265582e446

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.8.0-1ubuntu0.1_i386.deb
      Size/MD5:  2389672 09bb10c6e415f3d5310f4966b7871478

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.8.0-1ubuntu0.1_powerpc.deb
      Size/MD5:  2396612 f3be6029861078af5aabb0c39760cbe2

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.8.0-1ubuntu0.1_sparc.deb
      Size/MD5:  2388798 0aacedaf7c9a2b32ffa59562651df420

    

- 漏洞信息 (F60795)

Gentoo Linux Security Advisory 200711-12 (PacketStormID:F60795)
2007-11-08 00:00:00
Gentoo  security.gentoo.org
advisory
linux,gentoo
CVE-2005-4790
[点击下载]

Gentoo Linux Security Advisory GLSA 200711-12 - Jan Oravec reported that the /usr/bin/tomboy script sets the LD_LIBRARY_PATH environment variable incorrectly, which might result in the current working directory (.) to be included when searching for dynamically linked libraries of the Mono Runtime application. Versions less than 0.8.1-r1 are affected.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200711-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Tomboy: User-assisted execution of arbitrary code
      Date: November 08, 2007
      Bugs: #189249
        ID: 200711-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Tomboy doesn't properly handle environment variables, potentially
allowing a local attacker to execute arbitrary code.

Background
==========

Tomboy is a GTK-based desktop note-taking application written in C# and
the Mono C#.

Affected packages
=================

    -------------------------------------------------------------------
     Package          /  Vulnerable  /                      Unaffected
    -------------------------------------------------------------------
  1  app-misc/tomboy     < 0.8.1-r1                        >= 0.8.1-r1

Description
===========

Jan Oravec reported that the "/usr/bin/tomboy" script sets the
"LD_LIBRARY_PATH" environment variable incorrectly, which might result
in the current working directory (.) to be included when searching for
dynamically linked libraries of the Mono Runtime application.

Impact
======

A local attacker could entice a user into running Tomboy in a directory
containing a specially crafted library file to execute arbitrary code
with the privileges of the user running Tomboy.

Workaround
==========

Do not run Tomboy from an untrusted working directory.

Resolution
==========

All Tomboy users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-misc/tomboy-0.8.1-r1"

References
==========

  [ 1 ] CVE-2005-4790
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4790

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200711-12.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHM2ejuhJ+ozIKI5gRArn0AKCHGvQMfReygx+CNJswcgHC5ZLT/QCdGyyf
HMULjLPDCYXxaJG4YGh5hU8=
=SZnY
-----END PGP SIGNATURE-----
    

- 漏洞信息

19982
SuSE Linux beagle LD_LIBRARY_PATH Variable Path Subversion Local Privilege Escalation
Local Access Required Input Manipulation
Loss of Integrity
Vendor Verified

- 漏洞描述

- 时间线

2005-10-07 Unknow
Unknow Unknow

- 解决方案

Products

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Tomboy LD_LIBRARY_PATH Environment Variable Local Privilege Escalation Vulnerability
Design Error 25341
No Yes
2007-08-16 12:00:00 2008-03-07 10:01:00
Jan Oravec is credited with discovering this issue.

- 受影响的程序版本

Ubuntu Ubuntu Linux 7.10 sparc
Ubuntu Ubuntu Linux 7.10 powerpc
Ubuntu Ubuntu Linux 7.10 i386
Ubuntu Ubuntu Linux 7.10 amd64
Ubuntu Ubuntu Linux 7.04 sparc
Ubuntu Ubuntu Linux 7.04 powerpc
Ubuntu Ubuntu Linux 7.04 i386
Ubuntu Ubuntu Linux 7.04 amd64
Ubuntu Ubuntu Linux 6.10 sparc
Ubuntu Ubuntu Linux 6.10 powerpc
Ubuntu Ubuntu Linux 6.10 i386
Ubuntu Ubuntu Linux 6.10 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Red Hat Fedora 7
Mandriva Linux Mandrake 2008.0 x86_64
Mandriva Linux Mandrake 2008.0
Mandriva Linux Mandrake 2007.1 x86_64
Mandriva Linux Mandrake 2007.1
Gentoo Linux
Blam Blam 1.8.3
Alex Graveley Tomboy 0.8.1
Alex Graveley Tomboy 0.7.4

- 漏洞讨论

Tomboy is prone to a local privilege-escalation vulnerability.

Exploiting this issue allows local attackers to execute arbitrary code with the privileges of the user running the affected application.

- 漏洞利用

An attacker can exploit this issue by gaining local interactive access to the affected computer.

- 解决方案

Please see the referenced advisories for information on obtaining and applying the appropriate updates.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站