7.2

CVE-2005-2072

Exploit
The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SunSolaris Version8.0 Editionx86
SunSolaris Version9.0 Editionsparc
SunSolaris Version9.0 Editionx86
SunSolaris Version10.0 Editionsparc
SunSunos Version5.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1% 0.582
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034730.html
Exploit
http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034731.html
Exploit
http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034738.html
http://secunia.com/advisories/15841
Vendor Advisory
http://securitytracker.com/id?1014537
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101794-1
http://www.opensolaris.org/jive/thread.jspa?messageID=3497
http://www.securityfocus.com/bid/14074
Exploit
http://www.vupen.com/english/advisories/2005/0908
Vendor Advisory