|
|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200512-07] OpenLDAP, Gauche: RUNPATH issues Vulnerability Scan
Vulnerability Scan Summary
OpenLDAP, Gauche: RUNPATH issues
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200512-07
(OpenLDAP, Gauche: RUNPATH issues)
Gentoo packaging for OpenLDAP and Gauche may introduce insecure
paths into the list of directories that are searched for libraries at
runtime.
Impact
A local attacker, who is a member of the "portage" group, could
create a malicious shared object in the Portage temporary build
directory that would be loaded at runtime by a dependent binary,
potentially resulting in privilege escalation.
Workaround
Only grant "portage" group rights to trusted users.
Solution:
All OpenLDAP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose net-nds/openldap
All Gauche users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/gauche-0.8.6-r1"
Threat Level: Low
Click HERE for more information and discussions on this network vulnerability scan.
|
