CVE-2010-4005

Name of the Vulnerable Software and Affected Versions GNOME Tomboy versions 1.5.2 and earlier

Description The issue allows local users to gain privileges via a Trojan horse shared library in the current working directory. This is due to the tomboy and tomboy-panel scripts placing a zero-length directory name in the LD LIBRARY PATH.

Recommendations For GNOME Tomboy versions 1.5.2 and earlier, update to a version later than 1.5.2 to resolve the issue. As a temporary workaround, consider restricting the use of the LD LIBRARY PATH environment variable to minimize the risk of exploitation.