CVE-2006-4842

low
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=418

http://secunia.com/advisories/22348

http://securitytracker.com/id?1017050

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102658-1

http://www.securityfocus.com/archive/1/448691/100/0/threaded

http://www.securityfocus.com/bid/20471

http://www.vupen.com/english/advisories/2006/4016

https://exchange.xforce.ibmcloud.com/vulnerabilities/29489

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1819

https://www.exploit-db.com/exploits/45433/

Details

Source: MITRE

Published: 2006-10-12

Updated: 2018-10-17

Type: CWE-20

Risk Information

CVSS v2

Base Score: 3.6

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P

Impact Score: 4.9

Exploitability Score: 3.9

Severity: LOW

Tenable Plugins

View all (18 total)

IDNameProductFamilySeverity
109912Solaris 10 (x86) : 119214-37NessusSolaris Local Security Checks
high
109911Solaris 10 (sparc) : 119213-37NessusSolaris Local Security Checks
high
109884Solaris 10 (x86) : 119214-38NessusSolaris Local Security Checks
medium
109882Solaris 10 (sparc) : 119213-38NessusSolaris Local Security Checks
medium
107816Solaris 10 (x86) : 119214-36NessusSolaris Local Security Checks
medium
107815Solaris 10 (x86) : 119214-33NessusSolaris Local Security Checks
medium
107814Solaris 10 (x86) : 119214-32NessusSolaris Local Security Checks
medium
107813Solaris 10 (x86) : 119214-31NessusSolaris Local Security Checks
medium
107812Solaris 10 (x86) : 119214-30NessusSolaris Local Security Checks
medium
107811Solaris 10 (x86) : 119214-27 (BEAST)NessusSolaris Local Security Checks
medium
107313Solaris 10 (sparc) : 119213-36NessusSolaris Local Security Checks
medium
107312Solaris 10 (sparc) : 119213-33NessusSolaris Local Security Checks
medium
107311Solaris 10 (sparc) : 119213-32NessusSolaris Local Security Checks
medium
107310Solaris 10 (sparc) : 119213-31NessusSolaris Local Security Checks
medium
107309Solaris 10 (sparc) : 119213-30NessusSolaris Local Security Checks
medium
107308Solaris 10 (sparc) : 119213-27 (BEAST)NessusSolaris Local Security Checks
medium
20055Solaris 10 (x86) : 119214-36 (deprecated)NessusSolaris Local Security Checks
medium
20052Solaris 10 (sparc) : 119213-36 (deprecated)NessusSolaris Local Security Checks
medium