GTK+ Arbitrary Loadable Module Execution Vulnerability

Solution:
A temporary fix is to add the following line of code to line 215 (approximately in GTK 1.2.8 ) of source file gtkmain. The line should read as follows:

env_string = getenv ("GTK_MODULES");

The following line should be added above it:

if(geteuid() == getuid())



 

Privacy Statement
Copyright 2010, SecurityFocus