6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
26.8%
Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0,
and possibly other distributions, cause the working directory to be added
to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code
via (1) beagle, (2) tomboy, or (3) blam. NOTE: in August 2007, the tomboy
vector was reported for other distributions.
Author | Note |
---|---|
jdstrand | bug has debdiffs upstream 0.9.1 does not contain the vulnerable code |