7.2

CVE-2006-6164

EPSS 0.05%
Published 29.11.2006 01:28:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 and 4.0 does not properly remove duplicate environment variables, which allows local users to pass dangerous variables such as LD_PRELOAD to loading processes, which might be leveraged to gain privileges.

Affected products Warnungen 0 Metrics 2 CWE 0 References 12

Data is provided by the National Vulnerability Database (NVD)

Openbsd ≫ Openbsd Version3.9

Openbsd ≫ Openbsd Version4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.137

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

http://secunia.com/advisories/22993

http://securitytracker.com/id?1017253

Patch

http://www.matasano.com/log/592/finger-79tcp-mcdonald-dowd-and-schuh-challenge-part-2/

http://www.openbsd.org/errata.html#ldso

Patch

http://www.openbsd.org/errata39.html#ldso

Patch

http://www.securityfocus.com/archive/1/452371/100/0/threaded

http://www.securityfocus.com/archive/1/452428/100/0/threaded

http://www.securityfocus.com/bid/21188

https://exchange.xforce.ibmcloud.com/vulnerabilities/30441

https://nvd.nist.gov/vuln/detail/CVE-2006-6164

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-6164

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-6164

EUVD