Certain third-party packages for CVSup 16.1h, such as SuSE Linux, contain untrusted paths in the ELF RPATH fields of certain executables, which could allow local users to execute arbitrary code by causing cvsup to link against malicious libraries that are created in world-writable directories such as /usr/src/packages.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0025.html | Exploit Vendor Advisory |
http://marc.info/?l=bugtraq&m=107539776002450&w=2 | |
http://www.securityfocus.com/bid/9523 | Patch Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/14994 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2005-05-27T04:00:00
Updated: 2017-07-10T14:57:01
Reserved: 2005-05-27T00:00:00
Link: CVE-2004-2133
JSON object: View
NVD Information
Status : Modified
Published: 2004-01-29T05:00:00.000
Modified: 2017-07-11T01:31:39.577
Link: CVE-2004-2133
JSON object: View
Redhat Information
No data.
CWE