2nd Apr 2002 [SBWID-5223]
COMMAND
shared library attacks using bad LD_LIBRARY_PATH
SYSTEMS AFFECTED
OpenLinux Server 3.1.1 All packages previous to kdeconfig-20011203-2
OpenLinux Workstation 3.1.1 All packages previous to kdeconfig-20011203-2
PROBLEM
In Caldera Security Advisory CSSA-2002-005.0, the startkde script will
set the LD_LIBRARY_PATH environment variable to \" /opt/kde2/lib:\"
which includes the current working directory in the library search
path. This exposes users to shared library attacks.
SOLUTION
Upgrade to latest package.
The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2009 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.
