ID CVE-2006-6494
Summary Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a .. (dot dot) sequence in the LANG environment variable that points to a locale file containing attacker-controlled format string specifiers.
References
Vulnerable Configurations
  • cpe:2.3:o:sun:solaris:9.0:-:sparc
  • cpe:2.3:o:sun:solaris:10.0:-:sparc
  • Sun SunOS (Solaris 8) 5.8
    cpe:2.3:o:sun:sunos:5.8
CVSS
Base: 6.6 (as of 13-12-2006 - 14:05)
Impact:
Exploitability:
Access
Vector: LOCAL
Complexity: MEDIUM
Authentication: SINGLE_INSTANCE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
oval via4
accepted 2007-09-27T08:57:44.757-04:00
class vulnerability
contributors
name Pai Peng
organization Opsware, Inc.
definition_extensions
  • comment Solaris 8 (SPARC) is installed
    oval oval:org.mitre.oval:def:1539
  • comment Solaris 9 (SPARC) is installed
    oval oval:org.mitre.oval:def:1457
  • comment Solaris 10 (SPARC) is installed
    oval oval:org.mitre.oval:def:1440
  • comment Solaris 8 (x86) is installed
    oval oval:org.mitre.oval:def:2059
  • comment Solaris 9 (x86) is installed
    oval oval:org.mitre.oval:def:1683
  • comment Solaris 10 (x86) is installed
    oval oval:org.mitre.oval:def:1926
description Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a .. (dot dot) sequence in the LANG environment variable that points to a locale file containing attacker-controlled format string specifiers.
family unix
id oval:org.mitre.oval:def:2121
status accepted
submitted 2007-08-10T12:25:21.000-04:00
title Security Vulnerabilities in Solaris ld.so.1(1) may Lead to Execution of Arbitrary Code with Elevated Privileges
version 31
refmap via4
bid 21564
idefense 20061212 Sun Microsystems Solaris ld.so Directory Traversal Vulnerability
sectrack 1017376
secunia 23317
sunalert 102724
vupen ADV-2006-4979
xf solaris-ld-lang-directory-traversal(30849)
Last major update 07-03-2011 - 21:46
Published 12-12-2006 - 20:28
Last modified 30-10-2018 - 12:25