|
COMMAND shared library attacks using bad LD_LIBRARY_PATH SYSTEMS AFFECTED OpenLinux Server 3.1.1 All packages previous to kdeconfig-20011203-2 OpenLinux Workstation 3.1.1 All packages previous to kdeconfig-20011203-2 PROBLEM In Caldera Security Advisory CSSA-2002-005.0, the startkde script will set the LD_LIBRARY_PATH environment variable to \" /opt/kde2/lib:\" which includes the current working directory in the library search path. This exposes users to shared library attacks. SOLUTION Upgrade to latest package.