Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3346

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2005-3346
Last Modified 07 Mar 2011 09:26:23
Published 20 Nov 2005 04:03:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-3346

Summary

Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LD_PRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv function call.

Vulnerable Systems

Application

  • Osh 1.7.14


References

VUPEN - ADV-2005-2378

SECUNIA - 17527

MISC - http://pulltheplug.org/users/core/files/x_osh3.sh

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338312

XF - osh-main-execute-code(23091)

BID - 15370

OSVDB - 20720

DEBIAN - DSA-918

SECUNIA - 17967


Last Updated: 27 May 2016 10:40:54