The (1) teamspeak and (2) teamspeak-server scripts in TeamSpeak 2.0.32 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Teamspeak | Teamspeak | 2.0.32 (including) | 2.0.32 (including) |
| Teamspeak-client | Ubuntu | hardy | * |
| Teamspeak-client | Ubuntu | jaunty | * |
| Teamspeak-client | Ubuntu | karmic | * |
| Teamspeak-client | Ubuntu | lucid | * |
| Teamspeak-client | Ubuntu | maverick | * |
| Teamspeak-client | Ubuntu | natty | * |
| Teamspeak-client | Ubuntu | oneiric | * |
| Teamspeak-client | Ubuntu | precise | * |
| Teamspeak-client | Ubuntu | quantal | * |
| Teamspeak-client | Ubuntu | raring | * |
| Teamspeak-client | Ubuntu | saucy | * |
| Teamspeak-server | Ubuntu | hardy | * |
| Teamspeak-server | Ubuntu | jaunty | * |
| Teamspeak-server | Ubuntu | karmic | * |
| Teamspeak-server | Ubuntu | lucid | * |
| Teamspeak-server | Ubuntu | maverick | * |
| Teamspeak-server | Ubuntu | natty | * |
| Teamspeak-server | Ubuntu | oneiric | * |
| Teamspeak-server | Ubuntu | quantal | * |
| Teamspeak-server | Ubuntu | raring | * |
| Teamspeak-server | Ubuntu | saucy | * |
| Teamspeak-server | Ubuntu | upstream | * |