Vulnerabilities > CVE-2006-6495 - Local vulnerability in Sun Solaris LD.SO

CVSS 6.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

sun

NVD

Published: 2006-12-13

Updated: 2018-10-30

Summary

Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in the format parameter of the doprf function. NOTE: this issue normally does not cross privilege boundaries, except in cases of external introduction of malicious message files, or if it is leveraged with other vulnerabilities such as CVE-2006-6494.

Vulnerable Configurations

Part	Description	Count
OS	Sun SUN Solaris 9.0 SUN Solaris 10.0 SUN Sunos 5.8	3

Oval

accepted

2007-09-27T08:57:42.313-04:00

class

vulnerability

contributors

name	Pai Peng
organization	Opsware, Inc.

definition_extensions

comment Solaris 8 (SPARC) is installed
oval oval:org.mitre.oval:def:1539
comment Solaris 9 (SPARC) is installed
oval oval:org.mitre.oval:def:1457
comment Solaris 10 (SPARC) is installed
oval oval:org.mitre.oval:def:1440
comment Solaris 8 (x86) is installed
oval oval:org.mitre.oval:def:2059
comment Solaris 9 (x86) is installed
oval oval:org.mitre.oval:def:1683
comment Solaris 10 (x86) is installed
oval oval:org.mitre.oval:def:1926

description

family

unix

oval:org.mitre.oval:def:1909

status

accepted

submitted

2007-08-10T12:25:21.000-04:00

title

Security Vulnerabilities in Solaris ld.so.1(1) may Lead to Execution of Arbitrary Code with Elevated Privileges

version

Summary

Vulnerable Configurations

Oval

References