Summary: | GNOME 2.x: gnome-session Privilege Escalation Vulnerability | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | schaedpq |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | normal | CC: | gnome |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://secunia.com/advisories/11224/ | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
schaedpq
2004-03-30 10:59:15 UTC
gnome team: comments? hmm. our Gnome session script doesn't set the LD_LIBRARY, I don't think we are vulnerable here. Anyone else? The issue is that the wrapper scripts exported LD_LIBRARY_PATH="/neW/path:${LD_LIBRARY_PATH}" Which lead to exploits if LD_LIBRARY_PATH was unset before this, as . was then appended to the path, and that allows arbitary execution. This is an issue in all shellscripts and a pretty nasty one as it can be exploited pretty much like the old "ls" one (PATH=":.:" ) http://www.gnome.org/~markmc/blog/06042004 ( session maintainer ) This is not a problem for us, we don't supply such a script. Connectiva only it seems. This can be closed with the security teams consent. however we may be vulnerable about this in other scripts provided by the system. we're not vulnerable to this specific exploit, so closing. |