CVE-2006-6164

Severity

72%

Complexity

39%

Confidentiality

165%

The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 and 4.0 does not properly remove duplicate environment variables, which allows local users to pass dangerous variables such as LD_PRELOAD to loading processes, which might be leveraged to gain privileges.

The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 and 4.0 does not properly remove duplicate environment variables, which allows local users to pass dangerous variables such as LD_PRELOAD to loading processes, which might be leveraged to gain privileges.

CVSS 2.0 Base Score 7.2. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C).

Overview

Type

OpenBSD

First reported 18 years ago

2006-11-29 01:28:00

Last updated 6 years ago

2018-10-17 21:47:00

Affected Software

OpenBSD 3.9

3.9

OpenBSD 4.0

4.0

References

22993

1017253

Patch

http://www.matasano.com/log/592/finger-79tcp-mcdonald-dowd-and-schuh-challenge-part-2/

[4.0] 005: SECURITY FIX: November 19, 2006

Patch

[3.9] 016: SECURITY FIX: November 19, 2006

Patch

20061122 Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders.

20061123 Re: Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders.

21188

openbsd-elf-privilege-escalation(30441)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.