Buffer Overflow in Environment Variable Substitution Code in OSH 1.7-14 Allows Injection of Arbitrary Environment Variables

Buffer Overflow in Environment Variable Substitution Code in OSH 1.7-14 Allows Injection of Arbitrary Environment Variables

CVE-2005-3346 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LD_PRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv function call.

Learn more about our User Device Pen Test.