The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and previous versions place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: Banshee might also be affected using GST_PLUGIN_PATH.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
banshee-project banshee 1.0 |
||
banshee-project banshee 0.13.2 |
||
banshee-project banshee |
||
banshee-project banshee 1.7.0 |
||
banshee-project banshee 1.6.0 |
||
banshee-project banshee 1.5.1 |
||
banshee-project banshee 1.5.0 |
||
banshee-project banshee 1.4.3 |
||
banshee-project banshee 1.4.2 |
||
banshee-project banshee 1.7.6 |
||
banshee-project banshee 1.7.5 |
||
banshee-project banshee 1.6.1 |
||
banshee-project banshee 1.5.6 |
||
banshee-project banshee 1.4 |
||
banshee-project banshee 1.7.4 |
||
banshee-project banshee 1.7.3 |
||
banshee-project banshee 1.5.5 |
||
banshee-project banshee 1.5.4 |
||
banshee-project banshee 1.2.1 |
||
banshee-project banshee 1.2 |
||
banshee-project banshee 1.7.2 |
||
banshee-project banshee 1.7.1 |
||
banshee-project banshee 1.5.3 |
||
banshee-project banshee 1.5.2 |