GLSA-200512-07 : OpenLDAP, Gauche: RUNPATH issues
High Nessus Plugin ID 20327
Synopsis
The remote Gentoo host is missing one or more security-related patches.

Description
The remote host is affected by the vulnerability described in GLSA-200512-07 (OpenLDAP, Gauche: RUNPATH issues)
Gentoo packaging for OpenLDAP and Gauche may introduce insecure paths into the list of directories that are searched for libraries at runtime.
A local attacker, who is a member of the 'portage' group, could create a malicious shared object in the Portage temporary build directory that would be loaded at runtime by a dependent binary, potentially resulting in privilege escalation.
Only grant 'portage' group rights to trusted users.
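
The following check is an added example, not part of the advisory or of the Nessus plugin: it parses `readelf -d` output and reports RPATH/RUNPATH entries that point into a build directory, are empty, or are relative. The `/var/tmp/portage` default for the Portage temporary build directory is an assumption (the advisory does not name the path), the sample dump is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag unsafe RPATH/RUNPATH entries in `readelf -d` output.
# build_root defaults to /var/tmp/portage (assumed Portage build location).

insecure_runpath_entries() {
    build_root=${1:-/var/tmp/portage}
    awk -v root="$build_root" '
        /\((RPATH|RUNPATH)\)/ {
            # The library search list is the text inside the square brackets.
            if (match($0, /\[[^]]*\]/) == 0) next
            list = substr($0, RSTART + 1, RLENGTH - 2)
            n = split(list, dirs, ":")
            for (i = 1; i <= n; i++) {
                d = dirs[i]
                c = substr(d, 1, 1)
                if (d == "")
                    print "empty: (resolves to the current directory)"
                else if (c != "/" && c != "$")   # "$" covers $ORIGIN-style tokens
                    print "relative: " d
                else if (d == root || index(d, root "/") == 1)
                    print "build-dir: " d
            }
        }'
}

# Scan real ELF files; each finding is prefixed with the file name.
scan_elf_files() {
    root=$1; shift
    for f in "$@"; do
        readelf -d "$f" 2>/dev/null | insecure_runpath_entries "$root" |
            while IFS= read -r finding; do printf '%s: %s\n' "$f" "$finding"; done
    done
}

# Constructed sample of `readelf -d` output (not taken from a real package).
sample_readelf_output() {
    cat <<'EOF'
 0x0000000000000001 (NEEDED)             Shared library: [libldap.so.2]
 0x000000000000000f (RPATH)              Library rpath: [/usr/lib:/var/tmp/portage/example-pkg-1.0/image/usr/lib]
 0x000000000000001d (RUNPATH)            Library runpath: [/usr/lib64::build/.libs:$ORIGIN/../lib]
EOF
}
```

Running `scan_elf_files /var/tmp/portage /usr/bin/* /usr/lib/*.so*` on a host lists installed binaries that still carry such entries.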

Solution
All OpenLDAP users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose net-nds/openldap

All Gauche users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-scheme/gauche-0.8.6-r1'