
Bug 337534 (debian-ldlibpath)

Summary: [TRACKER] Insecure LD_LIBRARY_PATH setting bugs found in Debian
Product: Gentoo Security
Reporter: Alex Legler (RETIRED) <a3li>
Component: Auditing
Assignee: Gentoo Security <security>
Status: RESOLVED OBSOLETE
Severity: normal
Keywords: Tracker
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 337529, 337532    
Bug Blocks:    

Description Alex Legler (RETIRED) archtester gentoo-dev Security 2010-09-15 18:07:55 UTC
As posted to vendor-sec by Raphael Geissert:

"During a review of the Debian archive I've found multiple packages with 
insecure modifications to LD_LIBRARY_PATH, which allow libraries to be loaded 
from the CWD (like CVE-2010-2953 or the older CVE-2005-4790 and 
CVE-2005-4791.)"
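
For auditing wrapper scripts against this bug class, the following is an added example and not part of the bug report or of any Debian or Gentoo tooling. The function names and sample paths are hypothetical. It relies on the dynamic loader treating an empty LD_LIBRARY_PATH element (leading, trailing or doubled separator) as the current working directory, and shows the prepend pattern that leaves a trailing colon when the variable is unset next to the hardened form.

```shell
#!/bin/sh
# Added example: audit an LD_LIBRARY_PATH value for elements that resolve
# relative to the current working directory. Names here are hypothetical.

# Returns 0 when every element is an absolute path, 1 otherwise.
ldpath_is_safe() {
    # ld.so accepts both ':' and ';' as separators; normalise to ':'.
    ldp_value=$(printf '%s' "$1" | tr ';' ':')

    # An unset or empty variable adds no search directories at all.
    if [ -z "$ldp_value" ]; then
        return 0
    fi

    # Empty element: the loader searches the current working directory.
    case "$ldp_value" in
        :*|*:|*::*) return 1 ;;
    esac

    # Relative elements (".", "lib", "../lib") also depend on the CWD.
    # Conservative: anything not starting with "/" is rejected.
    # The subshell keeps the IFS and globbing changes local.
    (
        IFS=:
        set -f
        for ldp_entry in $ldp_value; do
            case "$ldp_entry" in
                /*) ;;
                *)  exit 1 ;;
            esac
        done
        exit 0
    )
}

# Wrapper pattern that produces "DIR:" when the old value is empty.
prepend_unsafe() { printf '%s' "$1:$2"; }

# Hardened form: emit the separator only when an old value exists.
prepend_safe() { printf '%s' "$1${2:+:$2}"; }
```

In a wrapper script the hardened form corresponds to `LD_LIBRARY_PATH="/opt/app/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"`.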