← Voltar para CVEs
CVE-2006-6165
HIGH7.8
Descricao
ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment
Detalhes CVE
Pontuacao CVSS v3.17.8
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueLOCAL
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado11/29/2006
Ultima modificacao4/9/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
freebsd:freebsdnetbsd:netbsd
Referencias
http://www.securityfocus.com/archive/1/452371/100/0/threaded(cve@mitre.org)
http://www.securityfocus.com/archive/1/452428/100/0/threaded(cve@mitre.org)
http://www.securityfocus.com/archive/1/452371/100/0/threaded(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/452428/100/0/threaded(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.