7.2

CVE-2006-6164

The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 and 4.0 does not properly remove duplicate environment variables, which allows local users to pass dangerous variables such as LD_PRELOAD to loading processes, which might be leveraged to gain privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenbsdOpenbsd Version3.9
OpenbsdOpenbsd Version4.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.33% 0.244
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/22993
http://securitytracker.com/id?1017253
Patch
http://www.matasano.com/log/592/finger-79tcp-mcdonald-dowd-and-schuh-challenge-part-2/
http://www.openbsd.org/errata.html#ldso
Patch
http://www.openbsd.org/errata39.html#ldso
Patch
http://www.securityfocus.com/archive/1/452371/100/0/threaded
http://www.securityfocus.com/archive/1/452428/100/0/threaded
http://www.securityfocus.com/bid/21188
https://exchange.xforce.ibmcloud.com/vulnerabilities/30441