startkde in KDE for Caldera OpenLinux 2.3 up to and including 3.1.1 sets the LD_LIBRARY_PATH environment variable to include the current working directory, which could allow local users to gain privileges of other users running startkde via Trojan horse libraries.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
caldera openlinux server 3.1.1 |
||
caldera openlinux workstation 3.1.1 |