CVE-2006-6165 - OpenCVE

ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Freebsd	Freebsd
Netbsd	Netbsd

Configuration 1 [-]

OR	cpe:2.3:o:freebsd:freebsd:6.2:stable::::::
	cpe:2.3:o:netbsd:netbsd:2.0.4:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/archive/1/452371/100/0/threaded
http://www.securityfocus.com/archive/1/452428/100/0/threaded

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-11-29T01:00:00

Updated: 2024-08-07T20:19:34.506Z

Reserved: 2006-11-28T00:00:00

Link: CVE-2006-6165

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-11-29T01:28:00.000

Modified: 2024-08-07T21:15:28.493

Link: CVE-2006-6165

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-11-22T00:00:00", "descriptions": [{"lang": "en", "value": "ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20061123 Re: Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders.", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/452428/100/0/threaded"}, {"name": "20061122 Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders.", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/452371/100/0/threaded"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6165", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20061123 Re: Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders.", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/452428/100/0/threaded"}, {"name": "20061122 Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders.", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/452371/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:19:34.506Z"}, "title": "CVE Program Container", "references": [{"name": "20061123 Re: Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders.", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/452428/100/0/threaded"}, {"name": "20061122 Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders.", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/452371/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6165", "datePublished": "2006-11-29T01:00:00", "dateReserved": "2006-11-28T00:00:00", "dateUpdated": "2024-08-07T20:19:34.506Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:6.2:stable:*:*:*:*:*:*", "matchCriteriaId": "32FCB0B3-8FBE-49FA-B17E-0D5462C9E5B4", "vulnerable": true}, {"criteria": "cpe:2.3:o:netbsd:netbsd:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "36419DD6-0DB4-4BB6-A35F-D8FDB89402F1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment"}, {"lang": "es", "value": "** IMPUGNADA ** ld.so en FreeBSD, NetBSD, u posiblemente otras distribuciones BSD no borran ciertas variables de entorno perjudiciales, lo cual permite a usuarios locales obtener privilegios pasando cierta variables de entorno a procesos de carga. NOTA: este asunto ha sido impugnado por una tercera parte, afirmando que es responsabilidad de la aplicaci\u00f3n limpiar adecuadamente el entorno."}], "id": "CVE-2006-6165", "lastModified": "2024-08-07T21:15:28.493", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-11-29T01:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/452371/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/452428/100/0/threaded"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}