CVE-2005-4279 - Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on Gentoo Linux allows local user

CVE-2005-4279

Summary

Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.

References

http://secunia.com/advisories/17232
http://www.gentoo.org/security/en/glsa/glsa-200510-14.xml
http://www.osvdb.org/20087
http://www.securityfocus.com/bid/15120
http://www.vupen.com/english/advisories/2005/2119

Vulnerable Configurations

cpe:2.3:a:gentoo:qt-unixodbc:-:*:*:*:*:*:*:*
cpe:2.3:a:gentoo:qt-unixodbc:-:*:*:*:*:*:*:*
cpe:2.3:a:gentoo:qt-unixodbc:3.3.3:*:*:*:*:*:*:*
cpe:2.3:a:gentoo:qt-unixodbc:3.3.3:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 08-03-2011 - 02:27)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	15120
gentoo	GLSA-200510-14
osvdb	20087
secunia	17232
vupen	ADV-2005-2119

Last major update

08-03-2011 - 02:27

Published

16-12-2005 - 11:03

Last modified

08-03-2011 - 02:27