Gentoo: GLSA 200612-15 High: McAfee VirusScan Remote Code Execution

Gentoo Linux Security Advisory GLSA 200612-15 https://security.gentoo.org/ Severity: High Title: McAfee VirusScan: Insecure DT_RPATH Date: December 14, 2006 Bugs: #156989 ID: 200612-15

Synopsis ======= McAfee VirusScan for Linux is distributed with an insecure DT_RPATH, potentially allowing a remote attacker to execute arbitrary code.
Background ========= McAfee VirusScan for Linux is a commercial antivirus solution for Linux.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-antivirus/vlnx <= 4510e Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers.
========== Jakub Moc of Gentoo Linux discovered that McAfee VirusScan was distributed with an insecure DT_RPATH which included the current working directory, rather than $ORIGIN which was pr...