Launchpad.net

CVE 2005-4790

Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in August 2007, the tomboy vector was reported for other distributions.

Related bugs and status

CVE-2005-4790 (Candidate) is related to these bugs:

Bug #162520: [CVE-2005-4790] tomboy has an untrusted search path

		In	Importance	Status
162520	[CVE-2005-4790] tomboy has an untrusted search path	tomboy (Ubuntu)	Undecided	Fix Released
162520	[CVE-2005-4790] tomboy has an untrusted search path	tomboy (Ubuntu Dapper)	Low	Fix Released
162520	[CVE-2005-4790] tomboy has an untrusted search path	tomboy (Ubuntu Edgy)	Low	Fix Released
162520	[CVE-2005-4790] tomboy has an untrusted search path	tomboy (Ubuntu Feisty)	Low	Fix Released
162520	[CVE-2005-4790] tomboy has an untrusted search path	tomboy (Ubuntu Gutsy)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

References

SUSE: SUSE-SR:2005:022
MISC: http://bugs.gentoo.org...
BID: 25341
SECUNIA: 26480
CONFIRM: http://bugs.gentoo.org...
GENTOO: GLSA-200711-12
SECUNIA: 27608
CONFIRM: https://bugzilla.redha...
FEDORA: FEDORA-2007-3011
SECUNIA: 27621
FEDORA: FEDORA-2007-3792
SECUNIA: 27799
SECUNIA: 28339
CONFIRM: http://bugs.gentoo.org...
GENTOO: GLSA-200801-14
SECUNIA: 28672
MANDRIVA: MDVSA-2008:064
OSVDB: 39577
OSVDB: 39578
CONFIRM: https://bugzilla.gnome...
XF: tomboy-ldlibrarypath-p...
UBUNTU: USN-560-1