Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0646

Overview

Vulnerability Score 4.4 4.4
CVE Id CVE-2006-0646
Last Modified 05 Sep 2008 04:59:50
Published 11 Feb 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2006-0646

Summary

ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain circumstances when linking binaries, can leave an empty RPATH or RUNPATH, which allows local attackers to execute arbitrary code as other users via by running an ld-linked application from the current directory, which could contain an attacker-controlled library file.

Vulnerable Systems

Operating System

  • Suse Linux 10.0

  • Suse Linux 9.0

  • Suse Linux 9.1

  • Suse Linux 9.2

  • Suse Linux 9.3


References

SUSE - SUSE-SA:2006:007

BID - 16581

SECUNIA - 18811


Last Updated: 27 May 2016 10:41:44