|
|
CVE Reference: CVE-2005-3346 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2005-3346 |
|
|
Description: Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LD_PRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv function call. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/23091 SAID Secunia Advisory: SA17527 Secunia Advisory: SA17967 OSVDB 20720 MISC http://pulltheplug.org/users/core/files/x_osh3.sh DEBIAN http://www.debian.org/security/2005/dsa-918 CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338312 BID 15370 |
|
| Return to the previous page. |
