|
|
|
Vulnerability Note VU#704976
Aladdin Ghostscript LD_RUN_PATH environment variable allows libraries to be loaded from current directory
OverviewAlladin Ghostscript, a previewer for postscript files, uses an insecure value for the LD_RUN_PATH environment variable. This allows attackers to supply malicious libraries to be loaded from the current directory.
I. DescriptionAlladin Ghostscript is a previewer for postscript files. In execution, it uses an insecure value for the LD_RUN_PATH enviroment variable, which specifies where to find run-time-loaded program libraries. Due to the insecure value, the libraries may be loaded from the current directory.II. ImpactBy substituting malicious code for functions called from program libraries, an attacker may execute arbitrary commands within the permissions of the user. This is particularly dangerous for the root account, where the malicious code may grant administrative privilege to the attacker.III. SolutionApply vendor patches; see the Systems Affected section below.Systems Affected
References
http://www.kb.cert.org/vuls/id/227312
http://www.securityfocus.com/bid/1991
http://www.redhat.com/support/errata/RHSA-2000-114.html
http://www.linuxsecurity.com/advisories/redhat_advisory-909.html
http://www.caldera.com/support/security/advisories/CSSA-2000-041.0.txt
http://www.linuxsecurity.com/advisories/mandrake_advisory-914.html
http://www.debian.org/security/2000/20001123
http://www.linuxsecurity.com/advisories/other_advisory-919.html
http://www.linuxsecurity.com/advisories/other_advisory-957.html
Credit
Multiple linux vendors reported this vulnerability simultaneously.
This document was last modified by Tim Shimeall.
Other Information
| Date Public | 11/22/2000 |
| Date First Published | 08/21/2001 03:59:48 PM |
| Date Last Updated | 08/22/2001 |
| CERT Advisory | |
| CVE Name | CVE-2000-1163 |
| Metric | 9.62 |
| Document Revision | 10 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
 |
