Red Hat Bugzilla – Bug 457939
CVE-2008-3278 frysk: insecure relative RPATH
Last modified: 2011-09-13 03:29:24 EDT
frysk packages as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of the multiple binaries shipped in the package.
This issue can possibly be exploited by a local attacker to run arbitrary code
as some other user if victim user can be convinced to run one of the affected frysk commands in an attacker controlled directory with specially crafted content.
Affected binaries: /usr/bin/f* (e.g. fcore, fcatch, fstack, fstep, ...)
This issue does not affect current frysk-0.4-0 packages in Fedora.