CVE-2006-6164

The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 and 4.0 does not properly remove duplicate environment variables, which allows local users to pass dangerous variables such as LD_PRELOAD to loading processes, which might be leveraged to gain privileges.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:openbsd:openbsd:3.9:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:4.0:*:*:*:*:*:*:*

History

21 Nov 2024, 00:22

Type Values Removed Values Added
References () http://secunia.com/advisories/22993 - () http://secunia.com/advisories/22993 -
References () http://securitytracker.com/id?1017253 - Patch () http://securitytracker.com/id?1017253 - Patch
References () http://www.matasano.com/log/592/finger-79tcp-mcdonald-dowd-and-schuh-challenge-part-2/ - () http://www.matasano.com/log/592/finger-79tcp-mcdonald-dowd-and-schuh-challenge-part-2/ -
References () http://www.openbsd.org/errata.html#ldso - Patch () http://www.openbsd.org/errata.html#ldso - Patch
References () http://www.openbsd.org/errata39.html#ldso - Patch () http://www.openbsd.org/errata39.html#ldso - Patch
References () http://www.securityfocus.com/archive/1/452371/100/0/threaded - () http://www.securityfocus.com/archive/1/452371/100/0/threaded -
References () http://www.securityfocus.com/archive/1/452428/100/0/threaded - () http://www.securityfocus.com/archive/1/452428/100/0/threaded -
References () http://www.securityfocus.com/bid/21188 - () http://www.securityfocus.com/bid/21188 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/30441 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/30441 -

Information

Published : 2006-11-29 01:28

Updated : 2024-11-21 00:22


NVD link : CVE-2006-6164

Mitre link : CVE-2006-6164

CVE.ORG link : CVE-2006-6164


JSON object : View

Products Affected

openbsd

  • openbsd