Computer Security
[EN] securityvulns.ru no-pyccku


tomboy code execution
Published:26.02.2011
Source:
SecurityVulns ID:11461
Type:local
Threat Level:
4/10
Description:Shared library is loaded from the current directory.
Affected:GNOME : tomboy 1.5
CVE:CVE-2010-4005 (The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: vector 1 exists because of an incorrect fix for CVE-2005-4790.2.)
 CVE-2005-4790 (Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam.)
Original documentdocumentMANDRIVA, [ MDVSA-2011:035 ] tomboy (26.02.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod