First published: Tue Oct 19 2010
Ludwig Nussel discovered that tomboy contained a script that could be abused by an attacker to execute arbitrary code. The vulnerability is due to an insecure change to LD_LIBRARY_PATH, an environment variable used by ld.so(8) to look for libraries in directories other than the standard paths. When there is an empty item in the colon-separated list of directories in LD_LIBRARY_PATH, ld.so(8) treats it as '.' (the current working directory). If the given script is executed from a directory where a local attacker could write files, there is a chance for exploitation.

In Fedora, both /usr/bin/tomboy and /usr/bin/tomboy-panel re-set LD_LIBRARY_PATH insecurely:

```
export LD_LIBRARY_PATH="/usr/lib/tomboy${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}"
```

With '+', the shell appends ':$LD_LIBRARY_PATH' whenever the variable is set, even when it is set to an empty string, which leaves a trailing empty item in the list. A solution is to patch the script to use ':+:' properly, so that the separator is appended only when the variable is set and non-empty:

```
export LD_LIBRARY_PATH=/usr/lib/foo${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
```
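The difference between the two expansions, as an added example that is not part of the advisory or of tomboy's own scripts: it evaluates both forms with LD_LIBRARY_PATH unset, empty and set, and flags any result that contains an empty list item. The function names and the /opt/app/lib values are constructed for illustration, and the patched form is applied here to /usr/lib/tomboy.

```shell
#!/bin/sh
# Added example; function names and /opt/app/lib are constructed, not from tomboy.

# Expansion as shipped in the wrapper scripts: '+' only tests "is set".
build_insecure() {
    printf '%s\n' "/usr/lib/tomboy${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}"
}

# Patched expansion: ':+' tests "is set and non-empty".
build_fixed() {
    printf '%s\n' "/usr/lib/tomboy${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
}

# Return 0 when a colon-separated list has an empty item (leading, trailing
# or doubled colon), i.e. when ld.so(8) would also search the working directory.
has_empty_item() {
    case "$1" in
        :*|*:|*::*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run a builder in a subshell with LD_LIBRARY_PATH in the requested state:
#   unset | empty | set:<value>
expand_with() {
    builder=$1
    state=$2
    (
        case "$state" in
            unset) unset LD_LIBRARY_PATH ;;
            empty) LD_LIBRARY_PATH='' ;;
            set:*) LD_LIBRARY_PATH=${state#set:} ;;
        esac
        "$builder"
    )
}

# Constructed states; the last one is an inherited value that already ends
# in ':', which neither expansion sanitizes.
for state in unset empty set:/opt/app/lib set:/opt/app/lib:; do
    for b in build_insecure build_fixed; do
        out=$(expand_with "$b" "$state")
        if has_empty_item "$out"; then verdict='EMPTY ITEM'; else verdict='ok'; fi
        printf '%-18s %-15s %-32s %s\n' "$state" "$b" "$out" "$verdict"
    done
done
```

The same `has_empty_item` check can be pointed at the value a wrapper script actually exports to audit other launchers that prepend to LD_LIBRARY_PATH.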
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNOME Tomboy | =1.0.1 | |
GNOME Tomboy | =1.4.2 | |
GNOME Tomboy | <=1.5.2 | |
GNOME Tomboy | =1.5.1 | |
GNOME Tomboy | =1.2.2 | |