3.6
CVE-2006-4842
- EPSS 7.68%
- Veröffentlicht 12.10.2006 00:07:00
- Zuletzt bearbeitet 16.06.2026 22:29:53
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Netscape ≫ Portable Runtime Api Version4.6.1
Netscape ≫ Portable Runtime Api Version4.6.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.68% | 0.938 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.6 | 3.9 | 4.9 |
AV:L/AC:L/Au:N/C:N/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=418
http://secunia.com/advisories/22348
http://securitytracker.com/id?1017050
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102658-1
http://www.securityfocus.com/archive/1/448691/100/0/threaded
http://www.securityfocus.com/bid/20471
http://www.vupen.com/english/advisories/2006/4016
https://exchange.xforce.ibmcloud.com/vulnerabilities/29489
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1819
https://www.exploit-db.com/exploits/45433/