GTK+ Arbitrary Loadable Module Execution Vulnerability

A temporary fix is to add one line of code at approximately line 215 (in GTK 1.2.8) of the source file gtkmain. The line at that location reads as follows:

env_string = getenv ("GTK_MODULES");

The following line should be added above it:

if(geteuid() == getuid())
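
The guard above, written out as a stand-alone C example (added here, not GTK's own code). The helper names, the numeric IDs and the sample path are hypothetical, and the example goes one step beyond the one-line check by also comparing real and effective group IDs, since a setgid binary is privileged in the same way.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: takes the IDs as arguments so the decision can be
 * exercised without installing a setuid or setgid binary. */
int ids_are_elevated(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Returns the GTK_MODULES value only when real and effective IDs match.
 * Returns NULL otherwise, so a caller-controlled module list is never
 * consulted while the process holds privileges the caller lacks. */
const char *modules_env_for_ids(uid_t ruid, uid_t euid,
                                gid_t rgid, gid_t egid)
{
    if (ids_are_elevated(ruid, euid, rgid, egid))
        return NULL;
    return getenv("GTK_MODULES");
}

/* The same check applied to the running process. */
const char *modules_env_for_process(void)
{
    return modules_env_for_ids(getuid(), geteuid(), getgid(), getegid());
}

static const char *show(const char *s) { return s ? s : "(ignored)"; }

int main(void)
{
    /* Constructed sample value standing in for a user-supplied variable. */
    setenv("GTK_MODULES", "/tmp/constructed-example.so", 1);

    printf("uid 1000, euid 1000: %s\n",
           show(modules_env_for_ids(1000, 1000, 1000, 1000)));
    printf("uid 1000, euid 0:    %s\n",
           show(modules_env_for_ids(1000, 0, 1000, 1000)));
    printf("gid 1000, egid 0:    %s\n",
           show(modules_env_for_ids(1000, 1000, 1000, 0)));
    printf("this process:        %s\n", show(modules_env_for_process()));
    return 0;
}
```
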


Copyright 2010, SecurityFocus