Caldera OpenLinux StartKDE Script LD_LIBRARY

info
discussion
exploit
solution
references

Caldera OpenLinux StartKDE Script LD_LIBRARY_PATH Vulnerability

OpenLinux is a freely available, open source implementation of the Linux operating system. It is maintained and distributed by Caldera.

The startkde script insecurely initializes the LD_LIBRARY_PATH environment variable. When the script is executed, it by default searches the current working directory. Any libraries needed by KDE that are found in the current working directory will be loaded.