CVE-2005-4790 — Suse Linux vulnerability

9 documents6 sources

Severity

6.9MEDIUMNVD

EPSS

0.3%

top 42.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Novell Suse Linux Suse Linux

Timeline

PublishedDec 31

Latest updateMay 1

Description

Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in August 2007, the tomboy vector was reported for other distributions.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages2 packages

▶NVDsuse/suse_linux9.3

▶NVDnovell/suse_linux10.0

🔴Vulnerability Details

GHSA

GHSA-xg82-h5j4-q6gx: Multiple untrusted search path vulnerabilities in SUSE Linux 9↗2022-05-01

▶

CVEList

CVE-2005-4790: Multiple untrusted search path vulnerabilities in SUSE Linux 9↗2006-04-26

▶

📋Vendor Advisories

Ubuntu

Tomboy vulnerability↗2008-01-07

▶

Red Hat

tomboy and blam uses insecure LD_LIBRARY_PATH↗

▶

💬Community

Bugzilla

CVE-2005-4790 tomboy includes CWD in LD_LIBRARY_PATH [F8]↗2007-11-01

▶

Bugzilla

CVE-2005-4790 tomboy includes CWD in LD_LIBRARY_PATH [F7]↗2007-11-01

▶

Bugzilla

CVE-2005-4790 tomboy includes CWD in LD_LIBRARY_PATH [Fdevel]↗2007-11-01

▶

Bugzilla

CVE-2005-4790 tomboy and blam uses insecure LD_LIBRARY_PATH↗2007-08-15

▶