TUCoPS :: Linux :: General :: lnx5223.htm

KDE - shared library attacks using bad LD_LIBRARY_PATH
2nd Apr 2002 [SBWID-5223]
COMMAND

	shared library attacks using bad LD_LIBRARY_PATH

SYSTEMS AFFECTED

	  OpenLinux Server 3.1.1        All packages previous to kdeconfig-20011203-2  

	  OpenLinux Workstation 3.1.1   All packages previous to kdeconfig-20011203-2

PROBLEM

	In Caldera Security Advisory CSSA-2002-005.0, the startkde  script  will
	set the LD_LIBRARY_PATH  environment  variable  to  \"  /opt/kde2/lib:\"
	which includes the current  working  directory  in  the  library  search
	path. This exposes users to shared library attacks.
	

	

SOLUTION

	Upgrade to latest package.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH