Vulnerability Details: CVE-2006-6164
The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 and 4.0 does not properly remove duplicate environment variables, which allows local users to pass dangerous variables such as LD_PRELOAD to loading processes, which might be leveraged to gain privileges.
Products affected by CVE-2006-6164
- cpe:2.3:o:openbsd:openbsd:3.9:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:4.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-6164
0.06%: Probability of exploitation activity in the next 30 days
~ 24%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-6164
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
References for CVE-2006-6164
- http://www.matasano.com/log/592/finger-79tcp-mcdonald-dowd-and-schuh-challenge-part-2/
- http://www.openbsd.org/errata.html#ldso (Patch)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30441
- http://www.securityfocus.com/archive/1/452428/100/0/threaded
- http://www.securityfocus.com/archive/1/452371/100/0/threaded
- http://securitytracker.com/id?1017253 (Patch)
- http://www.securityfocus.com/bid/21188
- http://www.openbsd.org/errata39.html#ldso (Patch)