CVE-2006-0646
SUSE Linux 9.1-10.0 and SLES 9 - Local Arbitrary Code Execution via Empty RPATH/RUNPATH
Title source: llmDescription
ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain circumstances when linking binaries, can leave an empty RPATH or RUNPATH, which allows local attackers to execute arbitrary code as other users via by running an ld-linked application from the current directory, which could contain an attacker-controlled library file.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/16581
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18811
Patch, Vendor Advisory vendor-advisory
x_refsource_suse
http://lists.suse.com/archive/suse-security-announce/2006-Feb/0003.html
Scores
EPSS
0.0008
EPSS Percentile
22.4%
Details
Status
published
Products (5)
suse/suse_linux
9.0
suse/suse_linux
9.1 (3 CPE variants)
suse/suse_linux
9.2 (3 CPE variants)
suse/suse_linux
9.3 (3 CPE variants)
suse/suse_linux
10.0
Published
Feb 11, 2006
Tracked Since
Feb 18, 2026