ID | CVE-2005-3346 | ||||||
Sažetak | Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LD_PRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv function call. | ||||||
Reference |
|
||||||
CVSS |
|
||||||
Pristup |
|
||||||
Impact |
|
||||||
CVSS vektor | AV:L/AC:L/Au:N/C:C/I:C/A:C | ||||||
Zadnje važnije ažuriranje | 11-07-2017 - 01:33 | ||||||
Objavljeno | 20-11-2005 - 21:03 |