CVE-2007-4432

Description

Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables.

Affected products

• Novell / suse_linux10.1 – 10.1
• SUSE / suse_linux10 – 10

References

• MISChttp://osvdb.org/46783
• VENDOR_ADVISORYhttp://www.novell.com/linux/security/advisories/2007_17_sr.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/26543
• MISChttp://osvdb.org/46781
• MISChttp://osvdb.org/46784
• MISChttp://osvdb.org/46782