CVE Vulnerabilities

CVE-2000-1163

Published: Jan 09, 2001 | Modified: Oct 10, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript.

Affected Software

Name Vendor Start Version End Version
Ghostscript Aladdin_enterprises 4.3 4.3
Ghostscript Aladdin_enterprises 5.10.10 5.10.10
Ghostscript Aladdin_enterprises 5.10.15 5.10.15
Ghostscript Aladdin_enterprises 5.10cl 5.10cl
Ghostscript Aladdin_enterprises 5.50 5.50

References