Vulnerability Details: CVE-2006-4842
Public exploit exists!
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
Vulnerability category: Input validation
Products affected by CVE-2006-4842
- cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*
- cpe:2.3:a:netscape:portable_runtime_api:4.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:netscape:portable_runtime_api:4.6.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-4842
- EPSS score: 0.39% (probability of exploitation activity in the next 30 days)
- Percentile: ~74% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2006-4842
- Solaris libnspr NSPR_LOG_FILE Privilege Escalation
  Disclosure Date: 2006-10-11
  First seen: 2020-04-26
  exploit/solaris/local/libnspr_nspr_log_file_priv_esc
  This module exploits an arbitrary file write vulnerability in the Netscape Portable Runtime library (libnspr) on unpatched Solaris systems prior to Solaris 10u3 which allows users to gain root privileges. libnspr versions prior to 4.6.3 allow users to specify a log
CVSS scores for CVE-2006-4842
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.6 | LOW | AV:L/AC:L/Au:N/C:N/I:P/A:P | 3.9 | 4.9 | NIST | |
CWE ids for CVE-2006-4842
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
  Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2006-4842
- Red Hat, 2007-01-11
  This issue also affects other OS that use NSPR. However, Red Hat does not ship any application linked setuid or setgid against NSPR and therefore is not vulnerable to this issue.
References for CVE-2006-4842
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102658-1
- http://securitytracker.com/id?1017050
- https://www.exploit-db.com/exploits/45433/
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=418
  Vendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1819
- http://www.vupen.com/english/advisories/2006/4016
  Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29489
- http://www.securityfocus.com/archive/1/448691/100/0/threaded
- http://www.securityfocus.com/bid/20471
  Sun Solaris Netscape Portable Runtime API Local Privilege Escalation Vulnerability