Debian-Specific Amaya Arbitrary Local Code Execution Vulnerability

BID:16945

Info

Debian-Specific Amaya Arbitrary Local Code Execution Vulnerability

Bugtraq ID: 16945
Class: Environment Error
CVE:
Remote: No
Local: Yes
Published: Mar 03 2006 12:00AM
Updated: Mar 08 2006 03:30PM
Credit: Bill Allombert <[email protected]> reported this issue.
Vulnerable: Debian amaya 9.2.1 -6
Not Vulnerable: Debian amaya 9.4 -1

Discussion

Debian-Specific Amaya Arbitrary Local Code Execution Vulnerability

Amaya on Debian is susceptible to an insecure RPATH vulnerability.

This issue can allow attackers to place malicious libraries in a directory, which would be dynamically linked at run time when the application is executed. This would result in the execution of arbitrary code with the privileges of a user that executes the application.

Note that this issue is specific to Debian, due to a flaw in its build process for this package.

Exploit / POC

Debian-Specific Amaya Arbitrary Local Code Execution Vulnerability

An exploit is not required.

Solution / Fix

Debian-Specific Amaya Arbitrary Local Code Execution Vulnerability

Solution:
The vendor has released an updated package of Amaya to address this issue. Users are encouraged to use Debian's 'apt-get' utility to update their computers to the latest packages.

References

Debian-Specific Amaya Arbitrary Local Code Execution Vulnerability

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report