Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.6
CVE Id CVE-2000-1163
Last Modified 05 Sep 2008 04:22:48
Published 09 Jan 2001 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2000-1163

Summary

ghostscript before 5.10-16 uses an empty LD_RUN_PATH environment variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript.

Vulnerable Systems

Application

  • Aladdin Enterprises Ghostscript 4.3

  • Aladdin Enterprises Ghostscript 5.10.10

  • Aladdin Enterprises Ghostscript 5.10.15

  • Aladdin Enterprises Ghostscript 5.10cl

  • Aladdin Enterprises Ghostscript 5.50


References

BID - 1991

DEBIAN - 20001123 ghostscript: symlink attack

XF - ghostscript-env-variable

MANDRAKE - MDKSA-2000:074

CALDERA - CSSA-2000-041

CONECTIVA - CLSA-2000:343


Last Updated: 27 May 2016 10:36:03