|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200503-01] Qt: Untrusted library search path Vulnerability Scan
Vulnerability Scan Summary Qt: Untrusted library search path
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200503-01
(Qt: Untrusted library search path)
Tavis Ormandy of the Gentoo Linux Security Audit Team has
discovered that Qt searches for shared libraries in an untrusted,
world-writable directory.
Impact
A local attacker could create a malicious shared object that would
be loaded by Qt, resulting in the execution of arbitrary code with the
rights of the Qt application.
Workaround
There is no known workaround at this time.
Solution:
All Qt users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/qt-3.3.4-r2"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|