PT-2006-1702 · Suse · Suse Linux+1

Published: 2006-02-11 · Updated: 2008-09-05 · CVE-2006-0646

CVSS v2.0: 4.4 (Medium)

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SUSE Linux versions 9.1 through 10.0
SLES version 9

Description

In certain circumstances, ld leaves an empty RPATH or RUNPATH in the binaries it links. This allows local attackers to execute arbitrary code as other users when an ld-linked application is run from the current directory, which could contain an attacker-controlled library file.

Recommendations

For SUSE Linux versions 9.1 through 10.0, consider restricting access to the ld linker to minimize the risk of exploitation. For SLES version 9, avoid running ld-linked applications from untrusted directories until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
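
To find binaries affected by the condition described above, an audit can look for RPATH or RUNPATH values that contain an empty component, which the dynamic loader resolves relative to the current working directory. The following is an added example, not part of the original advisory; the function names and the sample `readelf -d` lines are constructed for illustration, and `scan` assumes binutils `readelf` is installed.

```python
import os
import re
import subprocess

# Matches the RPATH / RUNPATH rows printed by `readelf -d` (C locale).
DYN_PATH = re.compile(
    r"\((RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*)\]"
)

def empty_path_entries(readelf_dynamic):
    """Return (tag, value) for each RPATH/RUNPATH with an empty component."""
    findings = []
    for line in readelf_dynamic.splitlines():
        match = DYN_PATH.search(line)
        if not match:
            continue
        tag, value = match.groups()
        # "", a leading or trailing ":" and "::" all produce an empty
        # component after splitting on the path separator.
        if "" in value.split(":"):
            findings.append((tag, value))
    return findings

def scan(path):
    """Run `readelf -d` on one file and report its empty path entries."""
    env = dict(os.environ, LC_ALL="C")  # keep readelf's labels in English
    result = subprocess.run(["readelf", "-d", path], env=env,
                            capture_output=True, text=True, check=False)
    return empty_path_entries(result.stdout)

# Constructed sample: dynamic-section rows as `readelf -d` prints them.
SAMPLE = """\
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000f (RPATH)              Library rpath: []
 0x000000000000001d (RUNPATH)            Library runpath: [/opt/app/lib:]
 0x000000000000001d (RUNPATH)            Library runpath: [$ORIGIN/../lib]
"""

if __name__ == "__main__":
    for tag, value in empty_path_entries(SAMPLE):
        print(f"empty component in {tag}: [{value}]")
```

Binaries flagged this way need relinking with a corrected linker; until then they should not be run from directories other users can write to.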

Related identifiers

CVE-2006-0646

Affected products

Sles
Suse Linux