7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment
CPE | Name | Operator | Version |
---|---|---|---|
freebsd:freebsd | freebsd | eq | 6.2 |
netbsd:netbsd | netbsd | eq | 2.0.4 |