Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LIBRARY_PATH environment variable to include the current working directory, which could allow local users to gain privileges of other users running startkde via Trojan horse libraries.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OpenLinux StartKDE脚本处理LD_LIBRARY_PATH存在漏洞
Vulnerability Description
OpenLinux是一款免费开放源代码的Linux操作系统实现,由Caldera开发维护。 OpenLinux中的startkde脚本处理LD_LIBRARY_PATH环境变量时存在漏洞,可导致本地用户权限提升。 OpenLinux中的startkde脚本执行时,会设置LD_LIBRARY_PATH环境变量为"/opt/kde2/lib:",并默认搜索当前工作目录,任何在当前目录中发现的KDE需要的库将被装载,攻击者可以伪造一个库放置在当前工作目录中,当startkde脚本执行装载库时导致任意代码可执行,
CVSS Information
N/A
Vulnerability Type
N/A