CVE-2006-6165

Опубликовано: 29 нояб. 2006

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:freebsd:freebsd:6.2:stable:*:*:*:*:*:*

cpe:2.3:o:netbsd:netbsd:2.0.4:*:*:*:*:*:*:*

EPSS

Процентиль: 29%

0.00141

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2006-6165

CVSS3: 7.8

debian

почти 19 лет назад

ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does no ...

GHSA-9p96-p3x8-3838

CVSS3: 7.8

github

больше 3 лет назад

** DISPUTED ** ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment.

EPSS

Процентиль: 29%

0.00141

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

NVD-CWE-Other