Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Suse_linux | Novell | 10.1 (including) | 10.1 (including) |
| Suse_linux | Suse | 10 (including) | 10 (including) |
References
- http://osvdb.org/46781
- http://osvdb.org/46782
- http://osvdb.org/46783
- http://osvdb.org/46784
- http://secunia.com/advisories/26543
- http://www.novell.com/linux/security/advisories/2007_17_sr.html
- http://osvdb.org/46781
- http://osvdb.org/46782
- http://osvdb.org/46783
- http://osvdb.org/46784
- http://secunia.com/advisories/26543
- http://www.novell.com/linux/security/advisories/2007_17_sr.html