OSVDB ID: 22094

Title: XnView RPATH Subversion Local Privilege Escalation

Info

Dates

Disclosure: Dec 29, 2005
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

XnView contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is caused by an insecure RPATH and is triggered when the application is launched within a shared directory containing a malicious library. This flaw may lead to a loss of confidentiality or integrity through arbitrary code execution.
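A defender can audit binaries for this class of flaw by checking each component of the RPATH/RUNPATH string (as printed by `readelf -d`). The following is an added example, not part of the OSVDB entry or of XnView; the function names `audit_rpath` and `_dir_problem` are hypothetical, and the sample strings are constructed rather than taken from the affected binary.

```python
import os
import stat

def audit_rpath(rpath):
    """Return (entry, reason) pairs for risky components of a colon-separated
    DT_RPATH / DT_RUNPATH string, e.g. as printed by `readelf -d`."""
    findings = []
    for entry in rpath.split(":"):
        if entry == "":
            # The dynamic loader treats an empty component as the current directory.
            findings.append((entry, "empty entry (current directory)"))
        elif entry.startswith(("$ORIGIN", "${ORIGIN}")):
            # Resolved relative to the binary's own location, not the caller's
            # working directory; review the install tree's permissions instead.
            continue
        elif not os.path.isabs(entry):
            findings.append((entry, "relative path (resolved from current directory)"))
        else:
            reason = _dir_problem(entry)
            if reason:
                findings.append((entry, reason))
    return findings

def _dir_problem(path):
    """Flag absolute search directories that unprivileged users could populate."""
    try:
        mode = os.stat(path).st_mode
    except (FileNotFoundError, NotADirectoryError):
        return "directory does not exist (check who can create it)"
    if not stat.S_ISDIR(mode):
        return "not a directory"
    if mode & stat.S_IWOTH:
        return "world-writable directory"
    if mode & stat.S_IWGRP:
        return "group-writable directory (check group membership)"
    return None

if __name__ == "__main__":
    # Constructed sample values, not taken from the XnView binary.
    for sample in (".:/usr/lib", "/usr/lib::lib", "$ORIGIN/../lib"):
        print(repr(sample), "->", audit_rpath(sample))
```

Any finding means the library search path can include a directory that another local user may control, which is the condition this entry describes.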

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Gentoo users should upgrade to version 1.70-r1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. Currently, there are no known upgrades, patches, or workarounds available to correct this issue on other systems.

Products

Pierre.e Gougelet

XnView

1.70

References

Credit

  • nelchael -


Direct URL: http://osvdb.org/22094