CVE-2005-3346

2005-11-20T21:03:00
ID CVE-2005-3346
Type cve
Reporter cve@mitre.org
Modified 2017-07-11T01:33:00

Description

Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LD_PRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv function call.