Vulnerability Name: CVE-2005-4790 (CCN-26372)
Assigned: 2005-10-07
Published: 2005-10-07
Updated: 2018-10-30
Summary: Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. Note: in August 2007, the tomboy vector was reported for other distributions.
CVSS v3 Severity:
  2.8 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)
CVSS v2 Severity:
  6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
  5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
  1.3 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Privileges
References:
  Source: MISC Type: UNKNOWN http://bugs.gentoo.org/show_bug.cgi?id=188806
  Source: CONFIRM Type: UNKNOWN http://bugs.gentoo.org/show_bug.cgi?id=189249
  Source: CONFIRM Type: UNKNOWN http://bugs.gentoo.org/show_bug.cgi?id=199841
  Source: MITRE Type: CNA CVE-2005-4790
  Source: MITRE Type: CNA CVE-2005-4791
  Source: OSVDB Type: UNKNOWN 39577
  Source: OSVDB Type: UNKNOWN 39578
  Source: CCN Type: SA26480 Tomboy Insecure LD_LIBRARY_PATH Privilege Escalation
  Source: SECUNIA Type: Vendor Advisory 26480
  Source: SECUNIA Type: Vendor Advisory 27608
  Source: SECUNIA Type: Vendor Advisory 27621
  Source: CCN Type: SA27771 Liferea Insecure LD_LIBRARY_PATH Privilege Escalation
  Source: SECUNIA Type: Vendor Advisory 27799
  Source: SECUNIA Type: Vendor Advisory 28339
  Source: SECUNIA Type: Vendor Advisory 28672
  Source: GENTOO Type: UNKNOWN GLSA-200711-12
  Source: GENTOO Type: UNKNOWN GLSA-200801-14
  Source: CCN Type: SourceForge.net: Files Liferea - File Release Notes and Changelog - Release Name: 1.4.8
  Source: CCN Type: GLSA-200711-12 Tomboy: User-assisted execution of arbitrary code
  Source: CCN Type: GLSA-200801-14 Blam: User-assisted execution of arbitrary code
  Source: MANDRIVA Type: UNKNOWN MDVSA-2008:064
  Source: SUSE Type: Vendor Advisory SUSE-SR:2005:022
  Source: CCN Type: OSVDB ID: 19982 SuSE Linux beagle LD_LIBRARY_PATH Variable Path Subversion Local Privilege Escalation
  Source: CCN Type: OSVDB ID: 39577 SuSE Linux blam LD_LIBRARY_PATH Variable Path Subversion Local Privilege Escalation
  Source: CCN Type: OSVDB ID: 39578 SuSE Linux tomboy LD_LIBRARY_PATH Variable Path Subversion Local Privilege Escalation
  Source: CCN Type: OSVDB ID: 39579 Liferea LD_LIBRARY_PATH Variable Path Subversion Local Privilege Escalation
  Source: CCN Type: OSVDB ID: 39580 SuSE Linux banshee LD_LIBRARY_PATH Variable Path Subversion Local Privilege Escalation
  Source: CCN Type: BID-15040 SUSE Linux Multiple Local Privilege Escalation Vulnerabilities
  Source: BID Type: UNKNOWN 25341
  Source: CCN Type: BID-25341 Tomboy LD_LIBRARY_PATH Environment Variable Local Privilege Escalation Vulnerability
  Source: CCN Type: USN-560-1 Tomboy vulnerability
  Source: CONFIRM Type: UNKNOWN https://bugzilla.gnome.org/show_bug.cgi?id=485224
  Source: CONFIRM Type: UNKNOWN https://bugzilla.redhat.com/show_bug.cgi?id=362941
  Source: XF Type: UNKNOWN suse-searchpath-code-execution(26372)
  Source: XF Type: UNKNOWN tomboy-ldlibrarypath-privilege-escalation(36054)
  Source: UBUNTU Type: UNKNOWN USN-560-1
  Source: FEDORA Type: UNKNOWN FEDORA-2007-3011
  Source: FEDORA Type: UNKNOWN FEDORA-2007-3792
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable