7.2
CVE-2006-6164
- EPSS 0.33%
- Veröffentlicht 29.11.2006 01:28:00
- Zuletzt bearbeitet 16.06.2026 22:32:35
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 and 4.0 does not properly remove duplicate environment variables, which allows local users to pass dangerous variables such as LD_PRELOAD to loading processes, which might be leveraged to gain privileges.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.33% | 0.244 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
http://secunia.com/advisories/22993
http://securitytracker.com/id?1017253
http://www.matasano.com/log/592/finger-79tcp-mcdonald-dowd-and-schuh-challenge-part-2/
http://www.openbsd.org/errata.html#ldso
http://www.openbsd.org/errata39.html#ldso
http://www.securityfocus.com/archive/1/452371/100/0/threaded
http://www.securityfocus.com/archive/1/452428/100/0/threaded
http://www.securityfocus.com/bid/21188
https://exchange.xforce.ibmcloud.com/vulnerabilities/30441