Vulnerability Description
ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain circumstances when linking binaries, can leave an empty RPATH or RUNPATH, which allows local attackers to execute arbitrary code as other users by running an ld-linked application from the current directory, which could contain an attacker-controlled library file.
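An audit check for the condition described above, added here as an example and not taken from the vendor advisory: it reads the text printed by `readelf -d` and reports RPATH/RUNPATH rows with an empty component, which the dynamic loader resolves as the current working directory. It goes slightly beyond the advisory by also reporting relative components, which resolve the same way. The function names and sample rows are constructed for illustration.

```python
import re

# Matches the RPATH/RUNPATH rows printed by `readelf -d <binary>`.
_ENTRY = re.compile(r"\((RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*)\]")

def risky_search_paths(readelf_output):
    """Return (tag, raw_value, reasons) for every RPATH/RUNPATH row that
    contains an empty or relative search-path component."""
    findings = []
    for line in readelf_output.splitlines():
        m = _ENTRY.search(line)
        if not m:
            continue
        tag, value = m.groups()
        reasons = []
        # An empty value splits to [""], so "[]" is reported as well.
        for part in value.split(":"):
            if part == "":
                reasons.append("empty component (current directory)")
            elif not part.startswith(("/", "$ORIGIN", "${ORIGIN}")):
                reasons.append(f"relative component {part!r}")
        if reasons:
            findings.append((tag, value, reasons))
    return findings

def scan(outputs):
    """Map binary name -> findings, keeping only binaries with findings."""
    results = {name: risky_search_paths(text) for name, text in outputs.items()}
    return {name: found for name, found in results.items() if found}

# Constructed sample rows (hypothetical binaries), in `readelf -d` layout.
SAMPLES = {
    "trailing-colon": " 0x000000000000000f (RPATH)    Library rpath: [/opt/app/lib:]\n",
    "empty-rpath":    " 0x000000000000000f (RPATH)    Library rpath: []\n",
    "relative":       " 0x000000000000001d (RUNPATH)  Library runpath: [lib:/usr/lib]\n",
    "clean":          " 0x0000000000000001 (NEEDED)   Shared library: [libc.so.6]\n"
                      " 0x000000000000001d (RUNPATH)  Library runpath: [$ORIGIN/../lib:/usr/lib]\n",
}

if __name__ == "__main__":
    for name, found in scan(SAMPLES).items():
        for tag, value, reasons in found:
            print(f"{name}: {tag} [{value}] -> {'; '.join(reasons)}")
```

On a real system, pass the captured output of `readelf -d` for each installed binary to `risky_search_paths`.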
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Suse | Suse Linux | 9.0 |
References
- http://lists.suse.com/archive/suse-security-announce/2006-Feb/0003.html (Patch, Vendor Advisory)
- http://secunia.com/advisories/18811
- http://www.securityfocus.com/bid/16581
FAQ
What is CVE-2006-0646?
CVE-2006-0646 is a vulnerability with a CVSS score of 4.4 (MEDIUM). ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain circumstances when linking binaries, can leave an empty RPATH or RUNPATH, which allows local attackers to execute arbitrary code as other user...
How severe is CVE-2006-0646?
CVE-2006-0646 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-0646?
Check the references section above for vendor advisories and patch information. Affected products include: Suse Suse Linux.