Vulnerability Report

CVE-2005-4790

RCE

Title: Suse Suse Linux RCE

Proof Of Concept

No public PoC currently indexed for CVE-2005-4790.

CWE Category NVD-CWE-noinfo
Published Date Dec 31, 2005
Modified Date Apr 03, 2025
Exploit Status Not Found
Score 6.9 CVSS v2.0
Exploit Probability (EPSS) 0.35%

Vulnerability Summary

CVE-2005-4790: Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in August 2007, the tomboy vector was reported for other distributions.

Impacted Vendors

Reference Links

http://bugs.gentoo.org/show_bug.cgi?id=188806
http://bugs.gentoo.org/show_bug.cgi?id=189249
http://bugs.gentoo.org/show_bug.cgi?id=199841
http://osvdb.org/39577
http://osvdb.org/39578
http://secunia.com/advisories/26480
http://secunia.com/advisories/27608
http://secunia.com/advisories/27621
http://secunia.com/advisories/27799
http://secunia.com/advisories/28339
http://secunia.com/advisories/28672
http://security.gentoo.org/glsa/glsa-200711-12.xml
http://security.gentoo.org/glsa/glsa-200801-14.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:064
http://www.novell.com/linux/security/advisories/2005_22_sr.html
http://www.securityfocus.com/bid/25341
https://bugzilla.gnome.org/show_bug.cgi?id=485224
https://bugzilla.redhat.com/show_bug.cgi?id=362941
https://exchange.xforce.ibmcloud.com/vulnerabilities/36054
https://usn.ubuntu.com/560-1/
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00206.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00913.html

CVSS v2.0
Source Entity [email protected]
Severity MEDIUM (6.9)
Access Vector N/A
Authentication N/A
RAW VECTOR AV:L/AC:M/Au:N/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2005-4790 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A
Complexity N/A
Privileges N/A
Interaction NONE
CVSS Vector String AV:L/AC:M/Au:N/C:C/I:C/A:C

Affected Stack

No specific products linked.