CVE-2006-6164

Name of the Vulnerable Software and Affected Versions OpenBSD versions 3.9 through 4.0

Description The issue is related to the dl unsetenv function in loader.c in the ELF ld.so, which does not properly remove duplicate environment variables. This allows local users to pass dangerous variables, such as LD PRELOAD, to loading processes. This could potentially be leveraged to gain privileges.

Recommendations For OpenBSD versions 3.9 through 4.0, consider restricting the use of the LD PRELOAD variable to minimize the risk of exploitation. As a temporary workaround, avoid using the LD PRELOAD variable in sensitive environments until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.