CVE-2004-2133

Name of the Vulnerable Software and Affected Versions CVSup version 16.1h

Description The issue concerns certain third-party packages for CVSup that contain untrusted paths in the ELF RPATH fields of certain executables. This could allow local users to execute arbitrary code by causing cvsup to link against malicious libraries created in world-writable directories.

Recommendations For CVSup version 16.1h, consider restricting access to world-writable directories to minimize the risk of exploitation. As a temporary workaround, avoid using the vulnerable executables until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.