CVE-2006-6165

ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/archive/1/452371/100/0/threaded
http://www.securityfocus.com/archive/1/452428/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:freebsd:freebsd:6.2:stable::::::
	cpe:2.3:o:netbsd:netbsd:2.0.4:::::::*

History

No history.

Information

Published : 2006-11-29 01:28

Updated : 2024-05-17 00:31

NVD link : CVE-2006-6165

Mitre link : CVE-2006-6165

CVE.ORG link : CVE-2006-6165

JSON object : View

Products Affected

netbsd

netbsd

freebsd

freebsd

CWE

NVD-CWE-Other

{"id": "CVE-2006-6165", "cveTags": [{"tags": ["disputed"], "sourceIdentifier": "cve@mitre.org"}], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-11-29T01:28:00.000", "references": [{"url": "http://www.securityfocus.com/archive/1/452371/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/452428/100/0/threaded", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment"}, {"lang": "es", "value": "** IMPUGNADA ** ld.so en FreeBSD, NetBSD, u posiblemente otras distribuciones BSD no borran ciertas variables de entorno perjudiciales, lo cual permite a usuarios locales obtener privilegios pasando cierta variables de entorno a procesos de carga. NOTA: este asunto ha sido impugnado por una tercera parte, afirmando que es responsabilidad de la aplicaci\u00f3n limpiar adecuadamente el entorno."}], "lastModified": "2024-05-17T00:31:24.433", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:6.2:stable:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32FCB0B3-8FBE-49FA-B17E-0D5462C9E5B4"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:2.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36419DD6-0DB4-4BB6-A35F-D8FDB89402F1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}