Arbitrary Code Execution

2020-04-1000:48:57

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

JSON

thunderbird is vulnerable to arbitrary code execution. A flaw was found in the script that launches Thunderbird. The LD_LIBRARY_PATH variable was appending a “.” character, which could allow a local attacker to execute arbitrary code with the privileges of a different user running Thunderbird, if that user ran Thunderbird from within an attacker-controlled directory.

CPENameOperatorVersion
thunderbirdeq2.0.0.18__1.el5
thunderbirdeq1.5.0.5__0.el4.2
thunderbirdeq1.5.0.9__0.1.el4
thunderbirdeq1.5.0.12__30.el4
thunderbirdeq2.0.0.24__8.el5
thunderbirdeq1.5.0.12__14.el4
thunderbirdeq1.5.0.5__0.el4.1
thunderbirdeq2.0.0.16__1.el5
thunderbirdeq1.5.0.8__0.1.el4
thunderbirdeq1.5.0.9__6.el5

Name	Operator	Version
thunderbird	eq	2.0.0.18__1.el5
thunderbird	eq	1.5.0.5__0.el4.2
thunderbird	eq	1.5.0.9__0.1.el4
thunderbird	eq	1.5.0.12__30.el4
thunderbird	eq	2.0.0.24__8.el5
thunderbird	eq	1.5.0.12__14.el4
thunderbird	eq	1.5.0.5__0.el4.1
thunderbird	eq	2.0.0.16__1.el5
thunderbird	eq	1.5.0.8__0.1.el4
thunderbird	eq	1.5.0.9__6.el5