elinks
Page content
- Author: voroskoi
- Vulnerable: 0.11.2-1
- Unaffected: 0.11.2-2terminus1
Arnaud Giersch has reported a weakness in ELinks, which potentially can be exploited by malicious, local users to gain escalated privileges. The weakness is caused due to the “add_filename_to_string()” function in src/intl/gettext/loadmsgcat.c reading gettext catalogs from potentially untrusted paths. This can be exploited to execute arbitrary code with escalated privileges by enticing another user to run ELinks in a specially prepared directory environment.
- Bug Tracker URL: http://bugs.frugalware.org/task/2031