Vulnerability Details : CVE-2005-2072
Potential exploit
The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT.
Products affected by CVE-2005-2072
- cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
- cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
- cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*
Threat overview for CVE-2005-2072
Top countries where our scanners detected CVE-2005-2072
Top open port discovered on systems with this issue
554
IPs affected by CVE-2005-2072 2
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2005-2072!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2005-2072
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 13 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-2072
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2005-2072
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2005-2072
-
http://www.vupen.com/english/advisories/2005/0908
Vendor Advisory
-
http://www.opensolaris.org/jive/thread.jspa?messageID=3497
-
http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034731.html
Exploit
-
http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034738.html
-
http://www.securityfocus.com/bid/14074
Exploit
-
http://securitytracker.com/id?1014537
-
http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034730.html
Exploit
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101794-1
Jump to