CVE-2008-3278

Name of the Vulnerable Software and Affected Versions frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5

Description The issue arises from an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f*, such as fcore, fcatch, fstack, and fstep, shipped in the frysk package. A local attacker can exploit this by running arbitrary code as another user.

Recommendations For frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5, consider rebuilding the packages with a secure RPATH set in the ELF header to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.