Description of Problem: The script who fires galeon can be used to cheat another user or the superuser into running a program from the attacker. If You look at /usr/bin/galeon you wll noticce that it looks if there is a galeon-bin program in the CURRENT directory and tries to run it. So by placing an exceutable called galeon-bin in one of his directories and then having another user to fire galeon from that directory then instead of running the real galeon the victim wil be running the Trojan with his own access rights. Version-Release number of selected component (if applicable): 1.2.0 How Reproducible: 100% Steps to Reproduce: 1. Make a script called galeon-bin, make it executable. Fire galeon from that script and watch the script execute. (My script just prints: "What's new doc?) 2. 3. Actual Results: Expected Results: Additional Information:
I am not sure this is really a security problem but it still exists.
And in RHL9.
This was fixed today in GNOME CVS. module galeon, branch galeon-1-2
This will get fixed with our next release when we pick up the new galeon version.