{"vuid":"VU#704976","idnumber":"704976","name":"Aladdin Ghostscript LD_RUN_PATH environment variable allows libraries to be loaded from current directory","keywords":["LD_RUN_PATH","Ghostscript","gs"],"overview":"Alladin Ghostscript, a previewer for postscript files, uses an insecure value for the LD_RUN_PATH environment variable. This allows attackers to supply malicious libraries to be loaded from the current directory.","clean_desc":"Alladin Ghostscript is a previewer for postscript files. In execution, it uses an insecure value for the LD_RUN_PATH enviroment variable, which specifies where to find run-time-loaded program libraries. Due to the insecure value, the libraries may be loaded from the current directory.","impact":"By substituting malicious code for functions called from program libraries, an attacker may execute arbitrary commands within the permissions of the user. This is particularly dangerous for the root account, where the malicious code may grant administrative privilege to the attacker.","resolution":"Apply vendor patches; see the Systems Affected section below.","workarounds":"","sysaffected":"","thanks":"Multiple linux vendors reported this vulnerability simultaneously.","author":"This document was last modified by Tim Shimeall.","public":["http://www.securityfocus.com/bid/1991","http://www.redhat.com/support/errata/RHSA-2000-114.html","http://www.linuxsecurity.com/advisories/redhat_advisory-909.html","http://www.caldera.com/support/security/advisories/CSSA-2000-041.0.txt","http://www.linuxsecurity.com/advisories/mandrake_advisory-914.html","http://www.debian.org/security/2000/20001123","http://www.linuxsecurity.com/advisories/other_advisory-919.html","http://www.linuxsecurity.com/advisories/other_advisory-957.html"],"cveids":["CVE-2000-1163"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2000-12-12T23:29:31Z","publicdate":"2000-11-22T00:00:00Z","datefirstpublished":"2001-08-21T19:59:49Z","dateupdated":"2001-08-22T15:26:24Z","revision":10,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"10","cam_impact":"19","cam_easeofexploitation":"15","cam_attackeraccessrequired":"10","cam_scorecurrent":"9.61875","cam_scorecurrentwidelyknown":"12.290625","cam_scorecurrentwidelyknownexploited":"22.978125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":9.61875,"vulnote":null}