QwikSec

Security Database

CVE

CWE

Training

CVE-2006-6164

Published: Nov 29, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 and 4.0 does not properly remove duplicate environment variables, which allows local users to pass dangerous variables such as LD_PRELOAD to loading processes, which might be leveraged to gain privileges.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[3.9] 016: SECURITY FIX: November 19, 2006

vendor-advisory

x_refsource_OPENBSD

http://www.matasano.com/log/592/finger-79tcp-mcdonald-dowd-and-schuh-challenge-part-2/

x_refsource_MISC

20061123 Re: Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders.

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_BID

[4.0] 005: SECURITY FIX: November 19, 2006

vendor-advisory

x_refsource_OPENBSD

20061122 Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders.

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_SECTRACK

openbsd-elf-privilege-escalation(30441)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.