Debian-Specific Amaya Arbitrary Local Code Execution Vulnerability
BID:16945
Info
Debian-Specific Amaya Arbitrary Local Code Execution Vulnerability
| Bugtraq ID: | 16945 |
| Class: | Environment Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 03 2006 12:00AM |
| Updated: | Mar 08 2006 03:30PM |
| Credit: | Bill Allombert <[email protected]> reported this issue. |
| Vulnerable: |
Debian amaya 9.2.1 -6 |
| Not Vulnerable: |
Debian amaya 9.4 -1 |
Discussion
Debian-Specific Amaya Arbitrary Local Code Execution Vulnerability
Amaya on Debian is susceptible to an insecure RPATH vulnerability.
This issue can allow attackers to place malicious libraries in a directory, which would be dynamically linked at run time when the application is executed. This would result in the execution of arbitrary code with the privileges of a user that executes the application.
Note that this issue is specific to Debian, due to a flaw in its build process for this package.
Amaya on Debian is susceptible to an insecure RPATH vulnerability.
This issue can allow attackers to place malicious libraries in a directory, which would be dynamically linked at run time when the application is executed. This would result in the execution of arbitrary code with the privileges of a user that executes the application.
Note that this issue is specific to Debian, due to a flaw in its build process for this package.
Exploit / POC
Debian-Specific Amaya Arbitrary Local Code Execution Vulnerability
An exploit is not required.
An exploit is not required.
Solution / Fix
Debian-Specific Amaya Arbitrary Local Code Execution Vulnerability
Solution:
The vendor has released an updated package of Amaya to address this issue. Users are encouraged to use Debian's 'apt-get' utility to update their computers to the latest packages.
Solution:
The vendor has released an updated package of Amaya to address this issue. Users are encouraged to use Debian's 'apt-get' utility to update their computers to the latest packages.
References
Debian-Specific Amaya Arbitrary Local Code Execution Vulnerability
References:
References: