PT-2005-1013 · Debian · Osh

Charles Stevenson · Published 2005-11-20 · Updated 2017-07-11 · CVE-2005-3346

CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

OSH versions 1.7 through 1.7-14

Description

The issue concerns multiple vulnerabilities in the OSH package of the Debian GNU/Linux operating system, which can be exploited by a local attacker to compromise the confidentiality, integrity, and availability of protected information. A buffer overflow vulnerability exists in the environment variable substitution code, allowing local users to inject arbitrary environment variables, such as LD_PRELOAD, via specially crafted pathname arguments.

Recommendations

For OSH versions 1.7 through 1.7-14, consider restricting access to sensitive environment variables to minimize the risk of exploitation. As a temporary workaround, avoid using environment variable substitutions in pathname arguments until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

BDU:2015-02398
CVE-2005-3346
DSA-918-1

Affected Products

Osh