tomboy

2007-10-25

Page content

Author: voroskoi
Vulnerable: 0.8.0-1
Unaffected: 0.8.0-2sayshell1

Jab Oravec has reported a security issue in Tomboy, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to the “/usr/bin/tomboy” script incorrectly setting the environment variable LD_LIBRARY_PATH. This can be exploited to gain escalated privileges by e.g. tricking a user into running Tomboy in a directory containing a malicious library.

Bug Tracker URL: http://bugs.frugalware.org/task/2370

CVEs:

There is no CVE for this issue.