CVE-2006-0646 Information

Description

ld in SUSE Linux 9.1 through 10.0 and SLES 9 in certain circumstances when linking binaries can leave an empty RPATH or RUNPATH which allows local attackers to execute arbitrary code as other users via by running an ld-linked application from the current directory which could contain an attacker-controlled library file.

Reference

http://lists.suse.com/archive/suse-security-announce/2006-Feb/0003.html http://secunia.com/advisories/18811 http://www.securityfocus.com/bid/16581