Lucene search
DebianCVELIST:CVE-2005-3346HistoryNov 20, 2005 - 9:00 p.m.
CVE-2005-3346
2005-11-2021:00:00
debian
www.cve.org
Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LD_PRELOAD, via pathname arguments of the form “$VAR/EVAR=arg”, which cause the EVAR portion to be appended to a buffer returned by a getenv function call.
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=338312
pulltheplug.org/users/core/files/x_osh3.sh
secunia.com/advisories/17527
secunia.com/advisories/17967
www.debian.org/security/2005/dsa-918
www.osvdb.org/20720
www.securityfocus.com/bid/15370
www.vupen.com/english/advisories/2005/2378
exchange.xforce.ibmcloud.com/vulnerabilities/23091
Related
cve
cve
CVE-2005-3346
2005-11-20 21:03:00
CVE-2005-3347
2005-11-18 02:02:00
ubuntucve
ubuntucve
CVE-2005-3346
2005-11-20 00:00:00
CVE-2005-3347
2005-11-18 00:00:00
nvd
nvd
CVE-2005-3346
2005-11-20 21:03:00
CVE-2005-3347
2005-11-18 02:02:00
openvas
openvas
Debian: Security Advisory (DSA-918-1)
2008-01-17 00:00:00
nessus
nessus
Debian DSA-918-1 : osh - programming error
2006-10-14 00:00:00
osv
osv
osh - programming error
2005-12-09 00:00:00
cvelist
cvelist
CVE-2005-3347
2005-11-18 02:00:00
debiancve
debiancve
CVE-2005-3347
2005-11-18 02:02:00