Vulnerability Description
Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in August 2007, the tomboy vector was reported for other distributions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Novell | Suse Linux | 10.0 |
| Suse | Suse Linux | 9.3 |
References
- http://bugs.gentoo.org/show_bug.cgi?id=188806
- http://bugs.gentoo.org/show_bug.cgi?id=189249
- http://bugs.gentoo.org/show_bug.cgi?id=199841
- http://osvdb.org/39577
- http://osvdb.org/39578
- http://secunia.com/advisories/26480Vendor Advisory
- http://secunia.com/advisories/27608Vendor Advisory
- http://secunia.com/advisories/27621Vendor Advisory
- http://secunia.com/advisories/27799Vendor Advisory
- http://secunia.com/advisories/28339Vendor Advisory
- http://secunia.com/advisories/28672Vendor Advisory
- http://security.gentoo.org/glsa/glsa-200711-12.xml
- http://security.gentoo.org/glsa/glsa-200801-14.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:064
- http://www.novell.com/linux/security/advisories/2005_22_sr.htmlVendor Advisory
FAQ
What is CVE-2005-4790?
CVE-2005-4790 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users t...
How severe is CVE-2005-4790?
CVE-2005-4790 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4790?
Check the references section above for vendor advisories and patch information. Affected products include: Novell Suse Linux, Suse Suse Linux.