Vulnerabilities > CVE-2006-6494 - Local vulnerability in Sun Solaris LD.SO
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE local
sun
Summary
Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a .. (dot dot) sequence in the LANG environment variable that points to a locale file containing attacker-controlled format string specifiers.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 3 |
Oval
| accepted | 2007-09-27T08:57:44.757-04:00 | ||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||
| description | Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a .. (dot dot) sequence in the LANG environment variable that points to a locale file containing attacker-controlled format string specifiers. | ||||||||||||||||||||||||
| family | unix | ||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:2121 | ||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||
| submitted | 2007-08-10T12:25:21.000-04:00 | ||||||||||||||||||||||||
| title | Security Vulnerabilities in Solaris ld.so.1(1) may Lead to Execution of Arbitrary Code with Elevated Privileges | ||||||||||||||||||||||||
| version | 35 |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=449
- http://secunia.com/advisories/23317
- http://securitytracker.com/id?1017376
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102724-1
- http://www.securityfocus.com/bid/21564
- http://www.vupen.com/english/advisories/2006/4979
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30849
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2121