CVE-2006-6165
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment
** IMPUGNADA ** ld.so en FreeBSD, NetBSD, u posiblemente otras distribuciones BSD no borran ciertas variables de entorno perjudiciales, lo cual permite a usuarios locales obtener privilegios pasando cierta variables de entorno a procesos de carga. NOTA: este asunto ha sido impugnado por una tercera parte, afirmando que es responsabilidad de la aplicaciĆ³n limpiar adecuadamente el entorno.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2006-11-28 CVE Reserved
- 2006-11-29 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/archive/1/452371/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/452428/100/0/threaded | Mailing List |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 6.2 Search vendor "Freebsd" for product "Freebsd" and version "6.2" | stable |
Affected
| ||||||
| Netbsd Search vendor "Netbsd" | Netbsd Search vendor "Netbsd" for product "Netbsd" | 2.0.4 Search vendor "Netbsd" for product "Netbsd" and version "2.0.4" | - |
Affected
| ||||||