SuseSUSE-SA:2006:007local privilege escalation in binutils,kdelibs3,kdegraphics3,koffice,dia,lyx
0.0004 Low
EPSS
Percentile
5.7%
A SUSE specific patch to the GNU linker ‘ld’ removes redundant RPATH and RUNPATH components when linking binaries. Due to a bug in this routine ld occasionally left empty RPATH components. When running a binary with empty RPATH components the dynamic linker tries to load shared libraries from the current directory. By tricking users into running an affected application in a directory that contains a specially crafted shared library an attacker could execute arbitrary code with the user id of the victim.
Solution
Do not run affected binaries in directories that are writeable by other users. It is recommended to install the update packages. To fix self-compiled applications install the updated binutils package and relink the application.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 9.2 | i586 | kdelibs3 | < 3.3.0-34.12 | kdelibs3-3.3.0-34.12.i586.rpm |
| openSUSE | 9.1 | x86_64 | dia | < 0.92.2-112.11 | dia-0.92.2-112.11.x86_64.rpm |
| openSUSE | 10.0 | x86_64 | kdelibs3 | < 3.4.2-24.3 | kdelibs3-3.4.2-24.3.x86_64.rpm |
| openSUSE | 10.0 | i586 | kdegraphics3-3d | < 3.4.2-12.2 | kdegraphics3-3D-3.4.2-12.2.i586.rpm |
| openSUSE | 10.0 | i586 | kdegraphics3 | < 3.4.2-12.2 | kdegraphics3-3.4.2-12.2.i586.rpm |
| openSUSE | 9.3 | i586 | kdegraphics3-tex | < 3.4.0-11.5 | kdegraphics3-tex-3.4.0-11.5.i586.rpm |
| openSUSE | 9.2 | x86_64 | kdegraphics3-imaging | < 3.3.0-13.7 | kdegraphics3-imaging-3.3.0-13.7.x86_64.rpm |
| openSUSE | 9.2 | x86_64 | kdegraphics3-tex | < 3.3.0-13.7 | kdegraphics3-tex-3.3.0-13.7.x86_64.rpm |
| openSUSE | 9.3 | i586 | kdelibs3-devel | < 3.4.0-20.11 | kdelibs3-devel-3.4.0-20.11.i586.rpm |
| openSUSE | 9.2 | x86_64 | kdelibs3-devel | < 3.3.0-34.12 | kdelibs3-devel-3.3.0-34.12.x86_64.rpm |
Related
