CVE-2006-0646

4 documents4 sources

Severity

4.4MEDIUM

EPSS

0.1%

top 77.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Suse Suse Linux

Timeline

PublishedFeb 11

Latest updateMay 1

Description

ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain circumstances when linking binaries, can leave an empty RPATH or RUNPATH, which allows local attackers to execute arbitrary code as other users via by running an ld-linked application from the current directory, which could contain an attacker-controlled library file.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages1 packages

▶NVDsuse/suse_linux5 versions+4

Patches

Patch: lists.suse.com ↗Patch: lists.suse.com ↗

🔴Vulnerability Details

GHSA

GHSA-689v-jwr8-2x32: ld in SUSE Linux 9↗2022-05-01

▶

CVEList

CVE-2006-0646: ld in SUSE Linux 9↗2006-02-11

▶

📋Vendor Advisories

Debian

CVE-2006-0646: binutils - ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain circumstances when lin...↗2006

▶