The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: Banshee might also be affected using GST_PLUGIN_PATH.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Banshee | Banshee-project | * | 1.8.0 (including) |
| Banshee | Banshee-project | 0.13.2 (including) | 0.13.2 (including) |
| Banshee | Banshee-project | 1.0 (including) | 1.0 (including) |
| Banshee | Banshee-project | 1.2 (including) | 1.2 (including) |
| Banshee | Banshee-project | 1.2.1 (including) | 1.2.1 (including) |
| Banshee | Banshee-project | 1.4 (including) | 1.4 (including) |
| Banshee | Banshee-project | 1.4.2 (including) | 1.4.2 (including) |
| Banshee | Banshee-project | 1.4.3 (including) | 1.4.3 (including) |
| Banshee | Banshee-project | 1.5.0 (including) | 1.5.0 (including) |
| Banshee | Banshee-project | 1.5.1 (including) | 1.5.1 (including) |
| Banshee | Banshee-project | 1.5.2 (including) | 1.5.2 (including) |
| Banshee | Banshee-project | 1.5.3 (including) | 1.5.3 (including) |
| Banshee | Banshee-project | 1.5.4 (including) | 1.5.4 (including) |
| Banshee | Banshee-project | 1.5.5 (including) | 1.5.5 (including) |
| Banshee | Banshee-project | 1.5.6 (including) | 1.5.6 (including) |
| Banshee | Banshee-project | 1.6.0 (including) | 1.6.0 (including) |
| Banshee | Banshee-project | 1.6.1 (including) | 1.6.1 (including) |
| Banshee | Banshee-project | 1.7.0 (including) | 1.7.0 (including) |
| Banshee | Banshee-project | 1.7.1 (including) | 1.7.1 (including) |
| Banshee | Banshee-project | 1.7.2 (including) | 1.7.2 (including) |
| Banshee | Banshee-project | 1.7.3 (including) | 1.7.3 (including) |
| Banshee | Banshee-project | 1.7.4 (including) | 1.7.4 (including) |
| Banshee | Banshee-project | 1.7.5 (including) | 1.7.5 (including) |
| Banshee | Banshee-project | 1.7.6 (including) | 1.7.6 (including) |