Vulnerabilities > CVE-2005-4790 - Local Privilege Escalation vulnerability in Tomboy LD_LIBRARY_PATH Environment Variable

047910
CVSS 6.9 - MEDIUM
Attack vector
LOCAL
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
novell
suse
nessus

Summary

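Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. As the advisories quoted below describe, the launcher scripts extend LD_LIBRARY_PATH without checking whether it was already set; when it was not, the resulting value contains an empty component, and the current working directory is then searched for shared libraries. NOTE: in August 2007, the tomboy vector was reported for other distributions.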

Vulnerable Configurations

Part Description Count
OS
Novell
1
OS
Suse
1

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2007-3798.NASL
    description: This update resolves a low severity security issue where LD_LIBRARY_PATH could potentially get set to the current directory if it wasn't set before Blam was launched.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 28343
    published: 2007-11-29
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/28343
    title: Fedora 8 : blam-1.8.3-11.fc8 (2007-3798)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2007-3798.
    #
    
    include("compat.inc");
    
    # Plugin registration: when `description` is set the script only declares
    # its metadata and exits (see exit(0) at the end of this block); the host
    # checks further down are not reached.
    if (description)
    {
      script_id(28343);
      script_version ("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:26");
    
      # Links the finding to CVE-2005-4790 and to Fedora advisory 2007-3798.
      script_cve_id("CVE-2005-4790");
      script_xref(name:"FEDORA", value:"2007-3798");
    
      script_name(english:"Fedora 8 : blam-1.8.3-11.fc8 (2007-3798)");
      # Per the summary string this is a package-version check on rpm output;
      # it does not look at the blam launcher script itself.
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # NOTE(review): the advisory text calls this "low severity" while the
      # CVSS v2 vector set below rates complete C/I/A impact; the two ratings
      # come from different sources and are reproduced as-is.
      script_set_attribute(
        attribute:"description", 
        value:
    "This update resolves a low severity security issue where
    LD_LIBRARY_PATH could potentially get set to the current directory if
    it wasn't set before Blam was launched.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=395761"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2007-November/005322.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?23e10dda"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected blam and / or blam-debuginfo packages."
      );
      # CVSS v2 base vector: local access, medium complexity, no
      # authentication, complete confidentiality/integrity/availability impact.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      # CPE names for the two packages checked and for the Fedora 8 platform.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:blam");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:blam-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/11/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # Depends on ssh_get_info.nasl and on the knowledge-base keys that the
      # check section reads (local-check flag, release string, rpm list).
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      # Registration ends here; nothing below runs in description mode.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host-side check for Fedora advisory 2007-3798 (blam, CVE-2005-4790).
    # The guards run in a fixed order; each audit() call reports the reason
    # the check does not apply to this host.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    distro = get_kb_item("Host/RedHat/release");
    if (isnull(distro) || "Fedora" >!< distro)
      audit(AUDIT_OS_NOT, "Fedora");
    
    # Extract the release number from the release string.
    ver_match = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:distro);
    if (isnull(ver_match))
      audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    major = ver_match[1];
    
    # This advisory only covers Fedora 8.
    if (! ereg(pattern:"^8([^0-9]|$)", string:major))
      audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + major);
    
    if (!get_kb_item("Host/RedHat/rpm-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    arch = get_kb_item("Host/cpu");
    if (isnull(arch))
      audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< arch && arch !~ "^i[3-6]86$")
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", arch);
    
    # Compare each installed package against the fixed build; a true result
    # from rpm_check() counts the host as missing the update (presumably the
    # installed build is older than the reference - confirm in rpm.inc).
    # Version check only: a locally modified launcher script is not detected.
    outdated = 0;
    foreach fixed_build (make_list("blam-1.8.3-11.fc8", "blam-debuginfo-1.8.3-11.fc8"))
    {
      if (rpm_check(release:"FC8", reference:fixed_build)) outdated++;
    }
    
    if (!outdated)
    {
      # Nothing flagged: say whether the packages were checked or absent.
      checked = pkg_tests_get();
      if (checked) audit(AUDIT_PACKAGE_NOT_AFFECTED, checked);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "blam / blam-debuginfo");
    }
    else
    {
      # Report the finding, with the rpm details when verbosity allows.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2011-035.NASL
    description: A vulnerability has been found and corrected in tomboy : The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: vector 1 exists because of an incorrect fix for CVE-2005-4790.2 (CVE-2010-4005). The updated packages have been patched to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 52061
    published: 2011-02-23
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/52061
    title: Mandriva Linux Security Advisory : tomboy (MDVSA-2011:035)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2011:035. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    # Plugin registration: when `description` is set the script only declares
    # its metadata and exits (see exit(0) at the end of this block); the host
    # checks further down are not reached.
    if (description)
    {
      script_id(52061);
      script_version("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:54");
    
      # This plugin is keyed to CVE-2010-4005, not CVE-2005-4790: per the
      # description text below, the later CVE exists because the earlier fix
      # for the tomboy vector was incorrect.
      script_cve_id("CVE-2010-4005");
      script_bugtraq_id(44750);
      script_xref(name:"MDVSA", value:"2011:035");
    
      script_name(english:"Mandriva Linux Security Advisory : tomboy (MDVSA-2011:035)");
      # Per the summary string this is a package-version check on rpm output.
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Mandriva Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A vulnerability has been found and corrected in tomboy :
    
    The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and
    earlier place a zero-length directory name in the LD_LIBRARY_PATH,
    which allows local users to gain privileges via a Trojan horse shared
    library in the current working directory. NOTE: vector 1 exists
    because of an incorrect fix for CVE-2005-4790.2 (CVE-2010-4005).
    
    The updated packages have been patched to correct this issue."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected tomboy package."
      );
      # CVSS v2 base vector: local access, medium complexity, no
      # authentication, complete confidentiality/integrity/availability impact.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      # Temporal vector: exploitability unproven, official fix available,
      # report confidence not defined; consistent with the two
      # exploit-availability attributes that follow.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:ND");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      # CPE names for the tomboy package and the two Mandriva releases covered.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomboy");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/02/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/02/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Mandriva Local Security Checks");
    
      # Depends on ssh_get_info.nasl and on the knowledge-base keys that the
      # check section reads (local-check flag, cpu, release string, rpm list).
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      # Registration ends here; nothing below runs in description mode.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
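    # Host-side check for MDVSA-2011:035 (tomboy, CVE-2010-4005).
    # Guards run first; each audit() call reports why the check does not
    # apply to this host.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # The distribution name in this audit message was misspelled "Mandake";
    # it now matches the spelling used by the architecture guard below.
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only amd64 / i386-i686 / x86_64 hosts are supported by this check.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    # One reference build per supported release; a true result from
    # rpm_check() counts the host as missing the update.
    # Version check only: a locally modified launcher script is not detected.
    flag = 0;
    if (rpm_check(release:"MDK2010.0", reference:"tomboy-1.0.0-1.1mdv2010.0", yank:"mdv")) flag++;
    
    # NOTE(review): the reference carries an mdv2010.2 suffix while the release
    # is MDK2010.1 - presumably intentional and neutralised by yank:"mdv";
    # confirm against the advisory and rpm.inc.
    if (rpm_check(release:"MDK2010.1", reference:"tomboy-1.2.2-1.2mdv2010.2", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      # Report the finding, with the rpm details when verbosity allows.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");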
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_TOMBOY-4698.NASL
    description: The tomboy mediaplayer used LD_LIBRARY_PATH unsafely by allowing empty LD_LIBRARY_PATH components. This would enable the player to load its shared libraries from the current directory, which might contain user-supplied shared libraries, potentially supplied from the network by an attacker. (CVE-2005-4790)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 28287
    published: 2007-11-20
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/28287
    title: openSUSE 10 Security Update : tomboy (tomboy-4698)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update tomboy-4698.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    # Plugin registration: when `description` is set the script only declares
    # its metadata and exits (see exit(0) at the end of this block); the host
    # checks further down are not reached.
    if (description)
    {
      script_id(28287);
      script_version ("1.9");
      script_cvs_date("Date: 2019/10/25 13:36:30");
    
      script_cve_id("CVE-2005-4790");
    
      script_name(english:"openSUSE 10 Security Update : tomboy (tomboy-4698)");
      script_summary(english:"Check for the tomboy-4698 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      # NOTE(review): the advisory text below calls tomboy a "mediaplayer";
      # Tomboy is a note-taking application. The wording is kept exactly as
      # extracted from the vendor advisory. The key point is that an empty
      # LD_LIBRARY_PATH component makes the current directory a library
      # search location.
      script_set_attribute(
        attribute:"description", 
        value:
    "The tomboy mediaplayer used LD_LIBRARY_PATH unsafely by allowing empty
    LD_LIBRARY_PATH components.
    
    This would enable the player to load its shared libraries of the
    current directory which might contain user-supplied shared libraries,
    potentially supplied from the network by an attacker. (CVE-2005-4790)"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected tomboy package."
      );
      # CVSS v2 base vector: local access, medium complexity, no
      # authentication, complete confidentiality/integrity/availability impact.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      # CPE names for the tomboy package and for openSUSE 10.3.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomboy");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/11/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      # Depends on ssh_get_info.nasl and on the knowledge-base keys that the
      # check section reads (local-check flag, release string, rpm list, cpu).
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      # Registration ends here; nothing below runs in description mode.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host-side check for openSUSE update tomboy-4698 (CVE-2005-4790).
    # The guards run in a fixed order; each audit() call reports the reason
    # the check does not apply to this host.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # SLED/SLES release strings are rejected first; the second test then
    # admits only the exact release string SUSE10.3.
    suse_rel = get_kb_item("Host/SuSE/release");
    if (isnull(suse_rel) || suse_rel =~ "^(SLED|SLES)")
      audit(AUDIT_OS_NOT, "openSUSE");
    if (suse_rel !~ "^(SUSE10\.3)$")
      audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.3", suse_rel);
    
    if (!get_kb_item("Host/SuSE/rpm-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    host_arch = get_kb_item("Host/cpu");
    if (!host_arch)
      audit(AUDIT_UNKNOWN_ARCH);
    if (host_arch !~ "^(i586|i686|x86_64)$")
      audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", host_arch);
    
    # A true result from rpm_check() counts the host as missing the update.
    # Version check only: a locally modified launcher script is not detected.
    outdated = 0;
    if (rpm_check(release:"SUSE10.3", reference:"tomboy-0.8.0-9.2"))
      outdated++;
    
    if (!outdated)
    {
      # Nothing flagged: say whether the package was checked or absent.
      checked = pkg_tests_get();
      if (checked) audit(AUDIT_PACKAGE_NOT_AFFECTED, checked);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomboy");
    }
    else
    {
      # Report the finding, with the rpm details when verbosity allows.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200711-12.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200711-12 (Tomboy: User-assisted execution of arbitrary code) Jan Oravec reported that the '/usr/bin/tomboy' script sets the 'LD_LIBRARY_PATH' environment variable incorrectly, which might result in the current working directory (.) to be included when searching for dynamically linked libraries of the Mono Runtime application.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27847
    published: 2007-11-09
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/27847
    title: GLSA-200711-12 : Tomboy: User-assisted execution of arbitrary code
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200711-12.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    # Plugin registration: when `description` is set the script only declares
    # its metadata and exits (see exit(0) at the end of this block); the host
    # checks further down are not reached.
    if (description)
    {
      script_id(27847);
      script_version("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:44");
    
      # Links the finding to CVE-2005-4790 and to Gentoo advisory GLSA 200711-12.
      script_cve_id("CVE-2005-4790");
      script_xref(name:"GLSA", value:"200711-12");
    
      script_name(english:"GLSA-200711-12 : Tomboy: User-assisted execution of arbitrary code");
      # Per the summary string this is a package-version check against the
      # installed-package database under /var/db/pkg.
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      # The advisory text states the interim mitigation for unpatched hosts:
      # do not start Tomboy from an untrusted working directory.
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200711-12
    (Tomboy: User-assisted execution of arbitrary code)
    
        Jan Oravec reported that the '/usr/bin/tomboy' script sets the
        'LD_LIBRARY_PATH' environment variable incorrectly, which might result
        in the current working directory (.) to be included when searching for
        dynamically linked libraries of the Mono Runtime application.
      
    Impact :
    
        A local attacker could entice a user into running Tomboy in a directory
        containing a specially crafted library file to execute arbitrary code
        with the privileges of the user running Tomboy.
      
    Workaround :
    
        Do not run Tomboy from an untrusted working directory."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200711-12"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Tomboy users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=app-misc/tomboy-0.8.1-r1'"
      );
      # CVSS v2 base vector: local access, medium complexity, no
      # authentication, complete confidentiality/integrity/availability impact.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:tomboy");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      # The vulnerability date (2005) precedes the Gentoo patch date (2007) by
      # about two years.
      script_set_attribute(attribute:"patch_publication_date", value:"2007/11/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/09");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/10/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      # Depends on ssh_get_info.nasl and on the knowledge-base keys that the
      # check section reads (local-check flag, release string, qpkg list).
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      # Registration ends here; nothing below runs in description mode.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    # Host-side check for GLSA 200711-12 (Tomboy, CVE-2005-4790).
    # The guards run in a fixed order; each audit() call reports the reason
    # the check does not apply to this host.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release"))
      audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # app-misc/tomboy 0.8.1-r1 and later are listed as unaffected, anything
    # lower as vulnerable. Version check only: a locally modified launcher
    # script is not detected.
    fixed_range = make_list("ge 0.8.1-r1");
    vuln_range = make_list("lt 0.8.1-r1");
    
    hits = 0;
    if (qpkg_check(package:"app-misc/tomboy", unaffected:fixed_range, vulnerable:vuln_range))
      hits++;
    
    if (!hits)
    {
      # Nothing flagged: say whether the package was checked or absent.
      checked = qpkg_tests_get();
      if (checked) audit(AUDIT_PACKAGE_NOT_AFFECTED, checked);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Tomboy");
    }
    else
    {
      # Report the finding, with the package details when verbosity allows.
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201401-28.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201401-28 (Tomboy: Privilege escalation) Tomboy places a zero-length directory name in the LD_LIBRARY_PATH, which might result in the current working directory (.) to be included when searching for dynamically linked libraries. NOTE: This vulnerability exists due to an incomplete fix for CVE-2005-4790 (GLSA 200711-12). Impact : A local attacker could gain escalated privileges via a specially crafted shared library. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 72130
    published: 2014-01-27
    reporter: This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/72130
    title: GLSA-201401-28 : Tomboy: Privilege escalation
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201401-28.
    #
    # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    # Plugin registration: when `description` is set the script only declares
    # its metadata and exits (see exit(0) at the end of this block); the host
    # checks further down are not reached.
    if (description)
    {
      script_id(72130);
      script_version("1.8");
      script_cvs_date("Date: 2018/11/14 14:36:22");
    
      # This plugin is keyed to CVE-2010-4005, not CVE-2005-4790: per the
      # description text below, the later issue exists because the fix
      # shipped for CVE-2005-4790 (GLSA 200711-12) was incomplete.
      script_cve_id("CVE-2010-4005");
      script_bugtraq_id(44750);
      script_xref(name:"GLSA", value:"201401-28");
    
      script_name(english:"GLSA-201401-28 : Tomboy: Privilege escalation");
      # Per the summary string this is a package-version check against the
      # installed-package database under /var/db/pkg.
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201401-28
    (Tomboy: Privilege escalation)
    
        Tomboy places a zero-length directory name in the LD_LIBRARY_PATH, which
          might result in the current working directory (.) to be included when
          searching for dynamically linked libraries.
        NOTE: This vulnerability exists due to an incomplete fix for
          CVE-2005-4790 (GLSA 200711-12).
      
    Impact :
    
        A local attacker could gain escalated privileges via a specially crafted
          shared library.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      # Both the original advisory and this follow-up are referenced.
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200711-12"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201401-28"
      );
      # The solution text notes this is a legacy GLSA: fixed packages have
      # been available since March 02, 2011, well before the 2014 advisory.
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Tomboy users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=app-misc/tomboy-1.4.2-r1'
        NOTE: This is a legacy GLSA. Updates for all affected architectures are
          available since March 02, 2011. It is likely that your system is already
          no longer affected by this issue."
      );
      # CVSS v2 base vector: local access, medium complexity, no
      # authentication, complete confidentiality/integrity/availability impact.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      # Temporal vector: exploitability unproven, official fix available,
      # report confidence confirmed; consistent with the two
      # exploit-availability attributes that follow.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:tomboy");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/01/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      # Depends on ssh_get_info.nasl and on the knowledge-base keys that the
      # check section reads (local-check flag, release string, qpkg list).
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      # Registration ends here; nothing below runs in description mode.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    # Host-side check for GLSA 201401-28 (Tomboy, CVE-2010-4005).
    # The guards run in a fixed order; each audit() call reports the reason
    # the check does not apply to this host.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release"))
      audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # app-misc/tomboy 1.4.2-r1 and later are listed as unaffected, anything
    # lower as vulnerable. Version check only: a locally modified launcher
    # script is not detected.
    fixed_range = make_list("ge 1.4.2-r1");
    vuln_range = make_list("lt 1.4.2-r1");
    
    hits = 0;
    if (qpkg_check(package:"app-misc/tomboy", unaffected:fixed_range, vulnerable:vuln_range))
      hits++;
    
    if (!hits)
    {
      # Nothing flagged: say whether the package was checked or absent.
      checked = qpkg_tests_get();
      if (checked) audit(AUDIT_PACKAGE_NOT_AFFECTED, checked);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Tomboy");
    }
    else
    {
      # Report the finding, with the package details when verbosity allows.
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2008-064.NASL
    description: A flaw in how tomboy handles LD_LIBRARY_PATH was discovered: by appending paths to LD_LIBRARY_PATH, the program would also search the current directory for shared libraries. In directories containing network data, those libraries could be injected into the application. The updated packages have been patched to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 37621
    published: 2009-04-23
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/37621
    title: Mandriva Linux Security Advisory : tomboy (MDVSA-2008:064)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2008:064. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    # Plugin registration: when `description` is set the script only declares
    # its metadata and exits (see exit(0) at the end of this block); the host
    # checks further down are not reached.
    if (description)
    {
      script_id(37621);
      script_version ("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:50");
    
      # Links the finding to CVE-2005-4790 and to Mandriva advisory MDVSA-2008:064.
      script_cve_id("CVE-2005-4790");
      script_xref(name:"MDVSA", value:"2008:064");
    
      script_name(english:"Mandriva Linux Security Advisory : tomboy (MDVSA-2008:064)");
      # Per the summary string this is a package-version check on rpm output.
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Mandriva Linux host is missing a security update."
      );
      # The advisory text names the root cause: paths are appended to
      # LD_LIBRARY_PATH in a way that also adds the current directory to the
      # shared-library search.
      script_set_attribute(
        attribute:"description", 
        value:
    "A flaw in how tomboy handles LD_LIBRARY_PATH was discovered where by
    appending paths to LD_LIBRARY_PATH the program would also search the
    current directory for shared libraries. In directories containing
    network data, those libraries could be injected into the application.
    
    The updated packages have been patched to correct this issue."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected tomboy package."
      );
      # CVSS v2 base vector: local access, medium complexity, no
      # authentication, complete confidentiality/integrity/availability impact.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      # CPE names for the tomboy package and the two Mandriva releases covered.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomboy");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");
    
      # The plugin was published about a year after the vendor patch.
      script_set_attribute(attribute:"patch_publication_date", value:"2008/03/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      # Depends on ssh_get_info.nasl and on the knowledge-base keys that the
      # check section reads (local-check flag, cpu, release string, rpm list).
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      # Registration ends here; nothing below runs in description mode.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
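    # Host-side check for MDVSA-2008:064 (tomboy, CVE-2005-4790).
    # Guards run first; each audit() call reports why the check does not
    # apply to this host.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # The distribution name in this audit message was misspelled "Mandake";
    # it now matches the spelling used by the architecture guard below.
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only amd64 / i386-i686 / x86_64 hosts are supported by this check.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    # One reference build per supported release; a true result from
    # rpm_check() counts the host as missing the update.
    # Version check only: a locally modified launcher script is not detected.
    flag = 0;
    if (rpm_check(release:"MDK2007.1", reference:"tomboy-0.6.1-3.1mdv2007.1", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2008.0", reference:"tomboy-0.8.0-1.1mdv2008.0", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      # Report the finding, with the rpm details when verbosity allows.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");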
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-560-1.NASL
    description: Jan Oravec discovered that Tomboy did not properly set up the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 29892
    published: 2008-01-08
    reporter: Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/29892
    title: Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : tomboy vulnerability (USN-560-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-560-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    # Plugin registration: when `description` is set the script only declares
    # its metadata and exits (see exit(0) at the end of this block); the host
    # checks further down are not reached.
    if (description)
    {
      script_id(29892);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:33:01");
    
      # Links the finding to CVE-2005-4790 and to Ubuntu notice USN-560-1.
      script_cve_id("CVE-2005-4790");
      script_xref(name:"USN", value:"560-1");
    
      script_name(english:"Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : tomboy vulnerability (USN-560-1)");
      # Per the summary string this is a package-version check on dpkg output.
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      # The advisory text scopes the impact to code execution as the user who
      # invokes Tomboy.
      script_set_attribute(
        attribute:"description", 
        value:
    "Jan Oravec discovered that Tomboy did not properly setup the
    LD_LIBRARY_PATH environment variable. A local attacker could exploit
    this to execute arbitrary code as the user invoking the program.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/560-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected tomboy package."
      );
      # CVSS v2 base vector: local access, medium complexity, no
      # authentication, complete confidentiality/integrity/availability impact.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      # CPE names for the tomboy package and the four Ubuntu releases covered.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:tomboy");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/01/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      # Depends on ssh_get_info.nasl. NOTE(review): the check section also
      # reads "Host/local_checks_enabled", which is not among the required
      # keys listed here - confirm whether that is intentional.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      # Registration ends here; nothing below runs in description mode.
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    # Host-side check for USN-560-1. It reads only what an authenticated scan has
    # already stored in the knowledge base (release string, dpkg package list,
    # CPU type). Every failed precondition is handed to audit(), which is expected
    # to end the script with that reason (audit.inc is not shown here).
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    # The pattern is anchored at both ends, so only these four release strings pass.
    if (! ereg(pattern:"^(6\.06|6\.10|7\.04|7\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 6.10 / 7.04 / 7.10", "Ubuntu " + release);
    # Without the dpkg list there is nothing to compare against; this is audited
    # as a missing package list rather than as "not affected".
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Only x86_64 and i386-i686 hosts are evaluated; any other architecture is
    # audited as "not implemented", i.e. unassessed rather than patched.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    # Counts the ubuntu_check() calls below that flagged the tomboy package.
    flag = 0;
    
    # One call per supported release, each naming the package version given as the fix.
    # ubuntu_check() is defined in an include that is not shown; presumably it returns
    # true when the installed tomboy is older than pkgver -- confirm there.
    # NOTE(review): per the plugin summary this is a dpkg version comparison. It does not
    # look at how the tomboy launcher sets LD_LIBRARY_PATH, so locally rebuilt or
    # re-versioned packages may be judged wrongly.
    if (ubuntu_check(osver:"6.06", pkgname:"tomboy", pkgver:"0.3.5-1ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"tomboy", pkgver:"0.4.1-0ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"tomboy", pkgver:"0.6.3-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"tomboy", pkgver:"0.8.0-1ubuntu0.1")) flag++;
    
    if (flag)
    {
      # Local package finding, so it is attached to port 0; the report text is
      # whatever ubuntu_report_get() returns (defined in an include, not shown).
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      # Nothing flagged: separate "tomboy was tested and is not affected" from
      # "no tomboy package was tested at all".
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomboy");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2007-3792.NASL
    description: This update resolves a low severity security issue where LD_LIBRARY_PATH could potentially get set to the current directory if it wasn't set before Blam was launched.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 28342
    published: 2007-11-29
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/28342
    title: Fedora 7 : blam-1.8.3-9.fc7 (2007-3792)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2007-3792.
    #
    
    include("compat.inc");
    
    # Registration section: when `description` is set the script only declares its
    # metadata and requirements and then exits, so no host check runs in this branch.
    if (description)
    {
      script_id(28342);
      script_version ("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:26");
    
      # Cross-references tying this plugin to the CVE entry and the Fedora advisory.
      script_cve_id("CVE-2005-4790");
      script_xref(name:"FEDORA", value:"2007-3792");
    
      script_name(english:"Fedora 7 : blam-1.8.3-9.fc7 (2007-3792)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # Advisory text, carried over as extracted from the Fedora advisory.
      # NOTE(review): a common cause of this bug class is a launcher that builds
      # LD_LIBRARY_PATH as "<dir>:$LD_LIBRARY_PATH"; with the variable unset that
      # leaves an empty entry, which the dynamic loader resolves to the current
      # directory. The text below does not state that this is the mechanism here --
      # confirm in the referenced bug reports.
      script_set_attribute(
        attribute:"description", 
        value:
    "This update resolves a low severity security issue where
    LD_LIBRARY_PATH could potentially get set to the current directory if
    it wasn't set before Blam was launched.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # Upstream bug reports and the package announcement backing this check.
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=393691"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=395751"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2007-November/005317.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3d84b2b2"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected blam and / or blam-debuginfo packages."
      );
      # CVSS v2 base vector: local access, medium complexity, no authentication,
      # complete confidentiality / integrity / availability impact. The advisory
      # wording above says "low severity", which differs from this vector.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
    
      # "local" plugin type: the check relies on data gathered on the host itself.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:blam");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:blam-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/11/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/29");
      script_end_attributes();
    
      # Information-gathering category.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # ssh_get_info.nasl is declared as a dependency; presumably it fills the Host/*
      # KB items required below -- confirm. The check needs local checks enabled,
      # a RedHat-family release string and an rpm package list.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host-side check for Fedora advisory 2007-3792. It uses only KB data from an
    # authenticated scan (release string, rpm list, CPU type). Every failed
    # precondition is handed to audit(), which is expected to end the script with
    # that reason (audit.inc is not shown here).
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # The RedHat release key is shared by several distributions, so the string
    # must also contain "Fedora".
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    # Capture the numeric release; index 1 is the first parenthesised group.
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    # Accepts "7" alone or followed by a non-digit, so a value such as "70" is rejected.
    if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver);
    
    # Without the rpm list there is nothing to compare against; this is audited
    # as a missing package list rather than as "not affected".
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Only x86_64 and i386-i686 hosts are evaluated; any other architecture is
    # audited as "not implemented", i.e. unassessed rather than patched.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # Counts the rpm_check() calls below that flagged a package.
    flag = 0;
    # rpm_check() is defined in an include that is not shown; presumably it returns
    # true when the installed package is older than the reference build -- confirm there.
    # NOTE(review): per the plugin summary this is an rpm version comparison. It does
    # not look at how the blam launcher sets LD_LIBRARY_PATH, so locally rebuilt or
    # re-versioned packages may be judged wrongly.
    if (rpm_check(release:"FC7", reference:"blam-1.8.3-9.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"blam-debuginfo-1.8.3-9.fc7")) flag++;
    
    
    if (flag)
    {
      # report_verbosity is not set in this script (presumably it comes from
      # global_settings.inc). Above 0 the rpm comparison details are attached;
      # otherwise a bare warning is raised on port 0.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # Nothing flagged: separate "packages were tested and are not affected" from
      # "neither package was tested at all".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "blam / blam-debuginfo");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2007-3253.NASL
    description: This update resolves a low severity security issue where LD_LIBRARY_PATH could potentially get set to the current directory if it wasn… [truncated]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 28190
    published: 2007-11-14
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/28190
    title: Fedora 8 : tomboy-0.8.1-3.fc8 (2007-3253)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200801-14.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200801-14 (Blam: User-assisted execution of arbitrary code) The… [truncated]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 30119
    published: 2008-01-29
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/30119
    title: GLSA-200801-14 : Blam: User-assisted execution of arbitrary code
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2007-3011.NASL
    description: This update resolves a low severity security issue where LD_LIBRARY_PATH could potentially get set to the current directory if it wasn… [truncated]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 28156
    published: 2007-11-12
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/28156
    title: Fedora 7 : tomboy-0.6.1-2.fc7 (2007-3011)