Overview
Alladin Ghostscript, a previewer for postscript files, uses an insecure value for the LD_RUN_PATH environment variable. This allows attackers to supply malicious libraries to be loaded from the current directory.
Description
Alladin Ghostscript is a previewer for postscript files. In execution, it uses an insecure value for the LD_RUN_PATH enviroment variable, which specifies where to find run-time-loaded program libraries. Due to the insecure value, the libraries may be loaded from the current directory. |
Impact
By substituting malicious code for functions called from program libraries, an attacker may execute arbitrary commands within the permissions of the user. This is particularly dangerous for the root account, where the malicious code may grant administrative privilege to the attacker. |
Solution
Apply vendor patches; see the Systems Affected section below. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- http://www.securityfocus.com/bid/1991
- http://www.redhat.com/support/errata/RHSA-2000-114.html
- http://www.linuxsecurity.com/advisories/redhat_advisory-909.html
- http://www.caldera.com/support/security/advisories/CSSA-2000-041.0.txt
- http://www.linuxsecurity.com/advisories/mandrake_advisory-914.html
- http://www.debian.org/security/2000/20001123
- http://www.linuxsecurity.com/advisories/other_advisory-919.html
- http://www.linuxsecurity.com/advisories/other_advisory-957.html
Acknowledgements
Multiple linux vendors reported this vulnerability simultaneously.
This document was last modified by Tim Shimeall.
Other Information
| CVE IDs: | CVE-2000-1163 |
| Severity Metric: | 9.62 |
| Date Public: | 2000-11-22 |
| Date First Published: | 2001-08-21 |
| Date Last Updated: | 2001-08-22 15:26 UTC |
| Document Revision: | 10 |