CVE-2008-1951 — Untrusted Search Path in Redhat Enterprise Linux

CWE-264 CWE-426 — Untrusted Search Path4 documents4 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 68.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise Linux

Timeline

PublishedJun 25

Latest updateMay 1

Description

Untrusted search path vulnerability in a certain Red Hat build script for Standards Based Linux Instrumentation for Manageability (sblim) libraries before 1-13a.el4_6.1 in Red Hat Enterprise Linux (RHEL) 4, and before 1-31.el5_2.1 in RHEL 5, allows local users to gain privileges via a malicious library in a certain subdirectory of /var/tmp, related to an incorrect RPATH setting, as demonstrated by a malicious libc.so library for tog-pegasus.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages0 packages

Also affects: Enterprise Linux 4, 5

🔴Vulnerability Details

GHSA

GHSA-ppg2-58hq-f747: Untrusted search path vulnerability in a certain Red Hat build script for Standards Based Linux Instrumentation for Manageability (sblim) libraries be↗2022-05-01

▶

📋Vendor Advisories

Red Hat

sblim: libraries built with insecure RPATH↗2008-06-24

▶

💬Community

Bugzilla

CVE-2008-1951 sblim: libraries built with insecure RPATH↗2008-05-21

▶