Info

Disclosure

Dec 29, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

NView contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue caused by an insecure RPATH and is triggered when the application is launched within a shared directory containing a malicious library. This flaw may lead to a loss of confidentiality or integrity through arbitrary code execution.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Pierre.e Gougelet

NView

4.51

References

Bugtraq ID: 16087
Secunia Advisory ID: 18235 18240
CVE ID: 2005-4595 (see also: NVD)
Related OSVDB ID: 22094
Vendor Specific News/Changelog Entry: http://bugs.gentoo.org/show_bug.cgi?id=117063
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200512-18.xml

Credit

nelchael -

Direct URL: http://osvdb.org/22093