Linux Empty Search Path Vulnerability

Empty Search Path (PATH or LD_LIBRARY_PATH) could lead to security vulnerabilities.

CWE-427: Uncontrolled Search Path Element

Empty Entry in LD_LIBRARY_PATH May Lead to Security Issues

CVE-2010-4450

  • Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable.

请作者喝杯咖啡☕