FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

proxychains-ng -- current path as the first directory for the library search path

Affected packages
proxychains-ng < 4.9

Details

VuXML ID 9471ec47-05a2-11e5-8fda-002590263bf5
Discovery 2015-05-11
Entry 2015-05-29

Mamoru TASAKA reports:

proxychains4 sets LD_PRELOAD to dlopen libproxychains4.so and execvp() the arbitrary command user has specified. proxychains4 sets the current directory as the first path to search libproxychains4.so

[source]

References

CVE Name CVE-2015-3887
Message http://openwall.com/lists/oss-security/2015/05/12/6
Message http://seclists.org/oss-sec/2015/q2/430

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.