XnView and NView RPATH gain privileges

xnview-rpath-gain-privileges (23910) The risk level is classified as Medium Risk

Description:

XnView and NView could allow a local attacker to gain elevated privileges, caused by a vulnerability regarding an insecure RPATH configuration. A local attacker could exploit this vulnerability by placing a malicious shared library within the current directory, which could be executed with elevated privileges.

Note: Victims must have write access to the specific directory in order to exploit this vulnerability.
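
As an added example, not part of this X-Force record or of XnView: a small Python audit that runs `readelf -d` over a binary and flags RPATH/RUNPATH components that resolve to the current working directory or to a user-writable location, which is the insecure configuration the description above refers to. The `readelf` output format matched and the list of writable directory prefixes are assumptions.

```python
"""Audit ELF binaries for RPATH/RUNPATH entries that resolve to the cwd or to user-writable paths (added example, not XnView code)."""
import os
import re
import stat
import subprocess

# readelf -d prints the tags as, e.g.: "(RPATH)  Library rpath: [.:/usr/lib]"
_SEARCH_PATH_RE = re.compile(r"Library (rpath|runpath): \[(.*?)\]")

# Assumed list of locations an unprivileged user can normally write to.
WRITABLE_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/")

def parse_readelf_dynamic(text):
    """Extract DT_RPATH and DT_RUNPATH values from `readelf -d` output."""
    found = {"rpath": [], "runpath": []}
    for kind, value in _SEARCH_PATH_RE.findall(text):
        found[kind].append(value)
    return found

def classify_component(component):
    """Explain why one colon-separated search-path component is unsafe, or None."""
    if component == "":
        return "empty entry resolves to the current working directory"
    if component.startswith(("$ORIGIN", "${ORIGIN}")):
        return "$ORIGIN entry: only safe if the binary's directory is not user-writable"
    if not component.startswith("/"):
        return "relative entry is resolved against the current working directory"
    if (component + "/").startswith(WRITABLE_PREFIXES):
        return "absolute entry lives under a user-writable location"
    return None

def audit_search_paths(paths):
    """Return (component, reason) for every unsafe component in the given paths."""
    findings = []
    for path in paths:
        for component in path.split(":"):
            reason = classify_component(component)
            if reason:
                findings.append((component, reason))
    return findings

def audit_binary(path):
    """Audit one file with readelf; setuid/setgid bits turn findings into privilege issues."""
    out = subprocess.run(["readelf", "-d", path], capture_output=True,
                         text=True, check=False).stdout
    tags = parse_readelf_dynamic(out)
    return {"path": path,
            "privileged": bool(os.stat(path).st_mode & (stat.S_ISUID | stat.S_ISGID)),
            "findings": audit_search_paths(tags["rpath"] + tags["runpath"])}
```

Run `audit_binary("/path/to/binary")` for each installed executable of interest; any entry in `findings` on a binary reported as `privileged` is the pattern this advisory describes.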

Platforms Affected:

  • FreeBSD, FreeBSD
  • Gentoo, Linux
  • NetBSD, NetBSD
  • OpenBSD, OpenBSD
  • Sun, Solaris SPARC
  • Sun, Solaris x86
  • XnView, NView 4.51
  • XnView, XnView 1.70

Remedy:

For Gentoo Linux:
Refer to Gentoo Linux Security Announcement GLSA 200512-18 for patch, upgrade, or suggested workaround information. See References.

Consequences:

Gain Privileges

References:

  • XnView Web site, XnView at http://www.xnview.com/.
  • BID-16087: Gentoo Linux XnView Insecure RPATH Vulnerability
  • CVE-2005-4595: Untrusted search path vulnerability (RPATH) in XnView 1.70 and NView 4.51 on Gentoo Linux allows local users to execute arbitrary code via a malicious library in the current working directory.
  • GLSA-200512-18: XnView: Privilege escalation
  • OSVDB ID: 22093: NView RPATH Subversion Local Privilege Escalation
  • OSVDB ID: 22094: XnView RPATH Subversion Local Privilege Escalation
  • SA18235: XnView / NView Insecure RPATH Vulnerability

Reported:

Dec 29, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
