CVE-2005-4790 - Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distri

CVE-2005-4790

Summary

Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in August 2007, the tomboy vector was reported for other distributions.

References

Vulnerable Configurations

cpe:2.3:o:novell:suse_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.3:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.3:*:*:*:*:*:*:*

CVSS

Base:	6.9 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	25341
confirm	http://bugs.gentoo.org/show_bug.cgi?id=189249 http://bugs.gentoo.org/show_bug.cgi?id=199841 https://bugzilla.gnome.org/show_bug.cgi?id=485224 https://bugzilla.redhat.com/show_bug.cgi?id=362941
fedora	FEDORA-2007-3011 FEDORA-2007-3792
gentoo	GLSA-200711-12 GLSA-200801-14
mandriva	MDVSA-2008:064
misc	http://bugs.gentoo.org/show_bug.cgi?id=188806
osvdb	39577 39578
secunia	26480 27608 27621 27799 28339 28672
suse	SUSE-SR:2005:022
ubuntu	USN-560-1
xf	tomboy-ldlibrarypath-privilege-escalation(36054)

Last major update

30-10-2018 - 16:25

Published

31-12-2005 - 05:00

Last modified

30-10-2018 - 16:25