The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: Banshee might also be affected using GST_PLUGIN_PATH.
Software | From | Fixed in |
---|---|---|
banshee-project / banshee | - | 1.8.0.x |
banshee-project / banshee | 0.13.2 | 0.13.2.x |
banshee-project / banshee | 1.0 | 1.0.x |
banshee-project / banshee | 1.2 | 1.2.x |
banshee-project / banshee | 1.2.1 | 1.2.1.x |
banshee-project / banshee | 1.4 | 1.4.x |
banshee-project / banshee | 1.4.2 | 1.4.2.x |
banshee-project / banshee | 1.4.3 | 1.4.3.x |
banshee-project / banshee | 1.5.0 | 1.5.0.x |
banshee-project / banshee | 1.5.1 | 1.5.1.x |
banshee-project / banshee | 1.5.2 | 1.5.2.x |
banshee-project / banshee | 1.5.3 | 1.5.3.x |
banshee-project / banshee | 1.5.4 | 1.5.4.x |
banshee-project / banshee | 1.5.5 | 1.5.5.x |
banshee-project / banshee | 1.5.6 | 1.5.6.x |
banshee-project / banshee | 1.6.0 | 1.6.0.x |
banshee-project / banshee | 1.6.1 | 1.6.1.x |
banshee-project / banshee | 1.7.0 | 1.7.0.x |
banshee-project / banshee | 1.7.1 | 1.7.1.x |
banshee-project / banshee | 1.7.2 | 1.7.2.x |
banshee-project / banshee | 1.7.3 | 1.7.3.x |
banshee-project / banshee | 1.7.4 | 1.7.4.x |
banshee-project / banshee | 1.7.5 | 1.7.5.x |
banshee-project / banshee | 1.7.6 | 1.7.6.x |