7.2

CVE-2006-6164

EPSS 0.05%
Veröffentlicht 29.11.2006 01:28:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 and 4.0 does not properly remove duplicate environment variables, which allows local users to pass dangerous variables such as LD_PRELOAD to loading processes, which might be leveraged to gain privileges.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openbsd ≫ Openbsd Version3.9

Openbsd ≫ Openbsd Version4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.137

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

http://secunia.com/advisories/22993

http://securitytracker.com/id?1017253

Patch

http://www.matasano.com/log/592/finger-79tcp-mcdonald-dowd-and-schuh-challenge-part-2/

http://www.openbsd.org/errata.html#ldso

Patch

http://www.openbsd.org/errata39.html#ldso

Patch

http://www.securityfocus.com/archive/1/452371/100/0/threaded

http://www.securityfocus.com/archive/1/452428/100/0/threaded

http://www.securityfocus.com/bid/21188

https://exchange.xforce.ibmcloud.com/vulnerabilities/30441

https://nvd.nist.gov/vuln/detail/CVE-2006-6164

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-6164

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-6164

EUVD