Multiple Linux Vendor TCLTK Unsafe Library Searching Vulnerability

TCL/TK is the Tool Command Language/Toolkit originally developed by Sun Microsystems, and now maintained by public domain.

When executed on some Linux systems, TCL searches the current working directory for certain libraries. A local user may be able to place one of the searched libraries in a world-writable directory. Upon a user executing a program that uses TCL in the directory, the contents of the library would be loaded, and executed with the permissions of the user.


 

Privacy Statement
Copyright 2010, SecurityFocus