CVE-2005-4790
Gentoo Linux Security Advisory 200711-12
Severity Score: 7.8 (CVSS v3)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in August 2007, the tomboy vector was reported for other distributions.
Jan Oravec reported that the /usr/bin/tomboy script sets the LD_LIBRARY_PATH environment variable incorrectly, which might result in the current working directory (.) being included when searching for dynamically linked libraries of the Mono Runtime application. Versions less than 0.8.1-r1 are affected.
*Credits:
N/A
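The search-path flaw described above can be audited in any launcher script. The following is an added example, not the tomboy script or any vendor's fix. The page does not show the affected scripts, so the unconditional `dir:$LD_LIBRARY_PATH` concatenation is assumed as the usual form of this bug class, and the function names and `/opt/example/lib` are constructed for illustration. The dynamic loader treats an empty list element as the current working directory.

```shell
#!/bin/sh
# Added example: audit and safely build LD_LIBRARY_PATH-style lists.

# Return 0 if the colon-separated list $1 has an element the dynamic loader
# resolves against the current working directory: an empty element
# (leading, trailing or doubled colon) or a relative path such as ".".
has_cwd_element() {
    list=$1
    [ -z "$list" ] && return 1            # empty variable adds no search path
    case $list in
        :*|*:|*::*) return 0 ;;           # empty element is read as "."
    esac
    old_ifs=$IFS; IFS=:
    set -f                                # no globbing while splitting
    for dir in $list; do
        case $dir in
            /*) ;;                        # absolute path: not cwd-relative
            *)  IFS=$old_ifs; set +f; return 0 ;;
        esac
    done
    IFS=$old_ifs; set +f
    return 1
}

# Assumed unsafe pattern: always concatenates, so an empty inherited
# value leaves a trailing colon behind.
unsafe_prepend() { printf '%s' "$1:$2"; }

# Hardened pattern: the separator is emitted only when the inherited
# value is non-empty.
safe_prepend() { printf '%s' "$1${2:+:$2}"; }

# Constructed input: the caller's LD_LIBRARY_PATH is unset or empty.
inherited=""
for built in "$(unsafe_prepend /opt/example/lib "$inherited")" \
             "$(safe_prepend /opt/example/lib "$inherited")"; do
    if has_cwd_element "$built"; then
        echo "cwd is searched: '$built'"
    else
        echo "ok: '$built'"
    fi
done
```

Running `has_cwd_element` over the value a wrapper script exports is a quick packaging check for this class of bug.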
Timeline
- 2005-12-31 CVE Published
- 2006-04-26 CVE Reserved
- 2024-08-08 CVE Updated
- 2025-03-30 EPSS Updated
References (22)
URL | Tag | Source |
---|---|---|
http://bugs.gentoo.org/show_bug.cgi?id=188806 | X_refsource_misc | |
http://bugs.gentoo.org/show_bug.cgi?id=189249 | X_refsource_confirm | |
http://bugs.gentoo.org/show_bug.cgi?id=199841 | X_refsource_confirm | |
http://osvdb.org/39577 | Vdb Entry | |
http://osvdb.org/39578 | Vdb Entry | |
http://www.securityfocus.com/bid/25341 | Vdb Entry | |
https://bugzilla.gnome.org/show_bug.cgi?id=485224 | X_refsource_confirm | |
https://bugzilla.redhat.com/show_bug.cgi?id=362941 | X_refsource_confirm | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/36054 | Vdb Entry |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/26480 | 2018-10-30 | |
http://secunia.com/advisories/27608 | 2018-10-30 | |
http://secunia.com/advisories/27621 | 2018-10-30 | |
http://secunia.com/advisories/27799 | 2018-10-30 | |
http://secunia.com/advisories/28339 | 2018-10-30 | |
http://secunia.com/advisories/28672 | 2018-10-30 | |
http://security.gentoo.org/glsa/glsa-200711-12.xml | 2018-10-30 | |
http://security.gentoo.org/glsa/glsa-200801-14.xml | 2018-10-30 | |
http://www.mandriva.com/security/advisories?name=MDVSA-2008:064 | 2018-10-30 | |
http://www.novell.com/linux/security/advisories/2005_22_sr.html | 2018-10-30 | |
https://usn.ubuntu.com/560-1 | 2018-10-30 | |
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00206.html | 2018-10-30 | |
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00913.html | 2018-10-30 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Novell | Suse Linux | 10.0 | - | Affected |
Suse | Suse Linux | 9.3 | - | Affected |