CVE-2006-6165
HIGH
NetBSD - Privilege Escalation via Environment Variable Injection
Title source: llm
Description
ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment.
References (2)
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/452428/100/0/threaded
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/452371/100/0/threaded
Scores
CVSS v3: 7.8
EPSS: 0.0014
EPSS Percentile: 33.4%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
Status: published
Products (2)
freebsd/freebsd: 6.2 stable
netbsd/netbsd: 2.0.4
Published: Nov 29, 2006
Tracked Since: Feb 18, 2026