MidnightBSD

Advisories for osh

CVE-2005-3346 HIGH

Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LD_PRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv function call.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
osh osh 1.7.14
CVE-2005-3533 HIGH

Buffer overflow in OSH before 1.7-15 allows local users to execute arbitrary code via a long current working directory and filename.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
osh osh *