Title: Slackware PATH Environment Variable Vulnerability
Severity: MODERATE
Description:
The PATH environment variable contains a list of directories that are searched to locate executable files. When the current working directory '.' is included as an entry, binaries located in a user's working directory can be executed by name. This entry poses a security risk because malicious executables that mimic system commands may be created in a user's working directory.
It has been reported that Slackware Linux adds the current working directory '.' and '/usr/andrew/bin' as entries in the root user's PATH. By creating malicious executables named after real or commonly misspelled system commands, it may be possible to cause the root user to execute arbitrary commands.
Affected Products:
- Slackware Linux 2.0.35
- Slackware Linux 3.4.0
- Slackware Linux 3.6.0
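A check for the condition in the Description, added here as an example and not taken from the advisory or from Slackware: the function audit_path (a hypothetical name) walks a PATH string and reports '.' entries. It goes beyond the reported case by also flagging empty entries (which the shell treats as the current directory), relative entries, missing directories, and directories writable by group or others. The sample PATH on the last line is constructed.

```shell
#!/bin/sh
# audit_path PATHSTRING
# Prints one "RISK" line per unsafe entry; prints nothing for a clean PATH.
audit_path() {
    rest="$1:"                  # trailing ':' so the loop also sees the last entry
    while [ -n "$rest" ]; do
        entry=${rest%%:*}       # text before the first ':'
        rest=${rest#*:}         # remainder after that ':'
        case $entry in
            "") echo "RISK [empty entry]: treated as the current directory"
                continue ;;
            .)  echo "RISK [.]: current directory"
                continue ;;
            /*) ;;              # absolute path, checked below
            *)  echo "RISK [$entry]: relative, resolved against the current directory"
                continue ;;
        esac
        # A missing directory is dead weight that someone else may later create.
        if [ ! -d "$entry" ]; then
            echo "RISK [$entry]: missing or not a directory"
            continue
        fi
        # Column 6 of the mode string is group write, column 9 is other write.
        mode=$(ls -ldL "$entry" | cut -c1-10)
        case $mode in
            ?????w*|????????w*)
                echo "RISK [$entry]: group- or world-writable ($mode)" ;;
        esac
    done
    return 0
}

# Constructed sample: a root PATH containing the two entries named in the report.
audit_path "/usr/sbin:/sbin:/usr/bin:/bin:/usr/andrew/bin:."
```

To audit a live session, run audit_path "$PATH" from root's login shell so that the value set by the system profile scripts is the one inspected.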