CVE-2005-2657

Name of the Vulnerable Software and Affected Versions common-lisp-controller versions 4.18 and earlier

Description The issue allows local users to gain privileges by compiling arbitrary code in the cache directory. This code is executed by another user if the user has not run Common Lisp before. Multiple vulnerabilities in the common-lisp-controller package may lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited by a local attacker.

Recommendations For common-lisp-controller versions 4.18 and earlier, consider restricting access to the cache directory to prevent arbitrary code compilation until a fix is available. As a temporary workaround, consider disabling the compilation of code in the cache directory for users who have not run Common Lisp before, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.