ID CVE-2006-6164
Summary The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 and 4.0 does not properly remove duplicate environment variables, which allows local users to pass dangerous variables such as LD_PRELOAD to loading processes, which might be leveraged to gain privileges.
References
Vulnerable Configurations
  • cpe:2.3:o:openbsd:openbsd:3.9:*:*:*:*:*:*:*
  • cpe:2.3:o:openbsd:openbsd:4.0:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 17-10-2018 - 21:47)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector  Complexity  Authentication
LOCAL   LOW         NONE
Impact
Confidentiality  Integrity  Availability
COMPLETE         COMPLETE   COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 21188
bugtraq
  • 20061122 Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders.
  • 20061123 Re: Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders.
misc http://www.matasano.com/log/592/finger-79tcp-mcdonald-dowd-and-schuh-challenge-part-2/
openbsd
  • [3.9] 016: SECURITY FIX: November 19, 2006
  • [4.0] 005: SECURITY FIX: November 19, 2006
sectrack 1017253
secunia 22993
xf openbsd-elf-privilege-escalation(30441)
Last major update 17-10-2018 - 21:47
Published 29-11-2006 - 01:28
Last modified 17-10-2018 - 21:47