SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information

Report a Vulnerability

 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#704976

Aladdin Ghostscript LD_RUN_PATH environment variable allows libraries to be loaded from current directory

Overview

Alladin Ghostscript, a previewer for postscript files, uses an insecure value for the LD_RUN_PATH environment variable. This allows attackers to supply malicious libraries to be loaded from the current directory.

I. Description

Alladin Ghostscript is a previewer for postscript files. In execution, it uses an insecure value for the LD_RUN_PATH enviroment variable, which specifies where to find run-time-loaded program libraries. Due to the insecure value, the libraries may be loaded from the current directory.

II. Impact

By substituting malicious code for functions called from program libraries, an attacker may execute arbitrary commands within the permissions of the user. This is particularly dangerous for the root account, where the malicious code may grant administrative privilege to the attacker.

III. Solution

Apply vendor patches; see the Systems Affected section below.

Systems Affected
VendorStatusDate NotifiedDate Updated
CalderaVulnerable2-Jul-2001
ConectivaVulnerable2-Jul-2001
DebianVulnerable2-Jul-2001
ImmunixVulnerable2-Jul-2001
MandrakeSoftVulnerable2-Jul-2001
RedHatVulnerable21-Aug-2001

References

http://www.kb.cert.org/vuls/id/227312
http://www.securityfocus.com/bid/1991
http://www.redhat.com/support/errata/RHSA-2000-114.html
http://www.linuxsecurity.com/advisories/redhat_advisory-909.html
http://www.caldera.com/support/security/advisories/CSSA-2000-041.0.txt
http://www.linuxsecurity.com/advisories/mandrake_advisory-914.html
http://www.debian.org/security/2000/20001123
http://www.linuxsecurity.com/advisories/other_advisory-919.html
http://www.linuxsecurity.com/advisories/other_advisory-957.html

Credit

Multiple linux vendors reported this vulnerability simultaneously.

This document was last modified by Tim Shimeall.

Other Information

Date Public:2000-11-22
Date First Published:2001-08-21
Date Last Updated:2001-08-22
CERT Advisory: 
CVE-ID(s):CVE-2000-1163
NVD-ID(s):CVE-2000-1163
US-CERT Technical Alerts: 
Severity Metric:9.62
Document Revision:10

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2001 Carnegie Mellon University
Disclaimers and copyright information
Get a PDF Reader