CVE-2005-3346

Properties

Published: 19.11.2005
Updated: 21.11.2005
Patch available:
Severity: High
CVSS vector: (AV:L/AC:L/Au:NR/C:C/I:C/A:C/B:I)
Product: OSH: OSH

Vulnerability description

Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LD_PRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv function call.

References:

http://pulltheplug.org/users/core/files/x_osh3.sh
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338312
SECUNIA: http://secunia.com/advisories/17527
DEBIAN: http://www.debian.org/security/2005/dsa-918
BID: http://www.securityfocus.com/bid/15370
SECUNIA: http://secunia.com/advisories/17967
OSVDB: http://www.osvdb.org/20720
XF: http://xforce.iss.net/xforce/xfdb/23091
FRSIRT: http://www.frsirt.com/english/advisories/2005/2378