GNUCash 'LD_LIBRARY_PATH' Local Privilege Escalation Vulnerability

GNUCash is prone to a local privilege-escalation vulnerability.

An attacker could exploit this issue by enticing an unsuspecting victim to run an application in a directory containing a malicious library file with a specific name. Exploiting this issue allows local attackers to execute arbitrary code with the privileges of the user running the affected application.

GNUCash 2.3.15 is vulnerable; other versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus