The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: Banshee might also be affected using GST_PLUGIN_PATH.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Banshee | Banshee-project | 0.13.2 | 0.13.2 |
| Banshee | Banshee-project | 1.0 | 1.0 |
| Banshee | Banshee-project | 1.2 | 1.2 |
| Banshee | Banshee-project | 1.2.1 | 1.2.1 |
| Banshee | Banshee-project | 1.4 | 1.4 |
| Banshee | Banshee-project | 1.4.2 | 1.4.2 |
| Banshee | Banshee-project | 1.4.3 | 1.4.3 |
| Banshee | Banshee-project | 1.5.0 | 1.5.0 |
| Banshee | Banshee-project | 1.5.1 | 1.5.1 |
| Banshee | Banshee-project | 1.5.2 | 1.5.2 |
| Banshee | Banshee-project | 1.5.3 | 1.5.3 |
| Banshee | Banshee-project | 1.5.4 | 1.5.4 |
| Banshee | Banshee-project | 1.5.5 | 1.5.5 |
| Banshee | Banshee-project | 1.5.6 | 1.5.6 |
| Banshee | Banshee-project | 1.6.0 | 1.6.0 |
| Banshee | Banshee-project | 1.6.1 | 1.6.1 |
| Banshee | Banshee-project | 1.7.0 | 1.7.0 |
| Banshee | Banshee-project | 1.7.1 | 1.7.1 |
| Banshee | Banshee-project | 1.7.2 | 1.7.2 |
| Banshee | Banshee-project | 1.7.3 | 1.7.3 |
| Banshee | Banshee-project | 1.7.4 | 1.7.4 |
| Banshee | Banshee-project | 1.7.5 | 1.7.5 |
| Banshee | Banshee-project | 1.7.6 | 1.7.6 |
| Banshee | Banshee-project | * | 1.8.0 |
| Banshee | Ubuntu | dapper | * |
| Banshee | Ubuntu | hardy | * |
| Banshee | Ubuntu | karmic | * |
| Banshee | Ubuntu | lucid | * |
| Banshee | Ubuntu | maverick | * |
| Banshee | Ubuntu | natty | * |
| Banshee | Ubuntu | oneiric | * |
| Banshee | Ubuntu | quantal | * |
| Banshee | Ubuntu | raring | * |
| Banshee | Ubuntu | saucy | * |
| Banshee | Ubuntu | upstream | * |