Vulnerability Details CVE-2006-4842
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.095
EPSS Ranking 92.4%
CVSS Severity
CVSS v2 Score 3.6
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=418
- http://secunia.com/advisories/22348
- http://securitytracker.com/id?1017050
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102658-1
- http://www.securityfocus.com/archive/1/448691/100/0/threaded
- http://www.securityfocus.com/bid/20471
- http://www.vupen.com/english/advisories/2006/4016
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29489
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1819
- https://www.exploit-db.com/exploits/45433/
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=418
- http://secunia.com/advisories/22348
- http://securitytracker.com/id?1017050
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102658-1
- http://www.securityfocus.com/archive/1/448691/100/0/threaded
- http://www.securityfocus.com/bid/20471
- http://www.vupen.com/english/advisories/2006/4016
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29489
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1819
- https://www.exploit-db.com/exploits/45433/
Products affected by CVE-2006-4842
-
cpe:2.3:a:netscape:portable_runtime_api:4.6.1
-
cpe:2.3:a:netscape:portable_runtime_api:4.6.2
-
cpe:2.3:o:sun:solaris:10.0