ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
netbsd netbsd 2.0.4 |
||
freebsd freebsd 6.2 |