Vulnerabilities

CVE-2005-3346

by Fred · 20/11/2005

Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LD_PRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv function call.

Date published : 2005-11-20

http://www.securityfocus.com/bid/15370

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338312

Similar

Tags: Cybersecurity Alert