Vulnerability Description
ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Aladdin Enterprises | Ghostscript | 4.3 |
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000343
- http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt
- http://www.debian.org/security/2000/20001123 (Patch, Vendor Advisory)
- http://www.linux-mandrake.com/en/security/MDKSA-2000-074.php3
- http://www.securityfocus.com/bid/1991 (Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5564
FAQ
What is CVE-2000-1163?
CVE-2000-1163 is a vulnerability with a CVSS score of 4.6 (MEDIUM). ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Tr...
How severe is CVE-2000-1163?
CVE-2000-1163 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2000-1163?
Check the references section above for vendor advisories and patch information. Affected products include: Aladdin Enterprises Ghostscript.