Untrusted Search Path Vulnerability in McAfee VirusScan for Linux
CVE-2006-6474

Currently unrated

Key Information:

Vendor: Mcafee
Status: Virusscan
Vendor: CVE Published:; 14 December 2006

Summary

The vulnerability in McAfee VirusScan for Linux arises from the inclusion of the current working directory in the DT_RPATH environment variable. This design flaw permits local users to load arbitrary ELF DSO libraries from maliciously crafted directories, potentially leading to unauthorized code execution on the affected system. By exploiting this weakness, an attacker can compromise the integrity of the system, paving the way for further malicious activities.

References

http://secunia.com/advisories/23429

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/30898

vdb-entryx_refsource_XF

http://secunia.com/advisories/23278

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Dec 14, 2006
Vulnerability Reserved
Dec 11, 2006