Lucene search

MitreCVE-2006-6494

HistoryDec 13, 2006 - 1:28 a.m.

CVE-2006-6494

2006-12-1301:28:00

mitre

web.nvd.nist.gov

cve-2006-6494

directory traversal

ld.so.1

sun solaris

arbitrary code execution

local users

environment variable

format string specifier

CVSS2

6.6

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:S/C:C/I:C/A:C

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

52.2%

JSON

Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a … (dot dot) sequence in the LANG environment variable that points to a locale file containing attacker-controlled format string specifiers.

Affected configurations

Nvd

Node

sunsolarisMatch9.0sparc

sunsolarisMatch10.0sparc

sunsunosMatch5.8

VendorProductVersionCPE
sunsolaris9.0cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
sunsolaris10.0cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*
sunsunos5.8cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sun	solaris	9.0	cpe:2.3:o:sun:solaris:9.0::sparc:::::
sun	solaris	10.0	cpe:2.3:o:sun:solaris:10.0::sparc:::::
sun	sunos	5.8	cpe:2.3:o:sun:sunos:5.8:::::::*

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=449

secunia.com/advisories/23317

securitytracker.com/id?1017376

sunsolve.sun.com/search/document.do?assetkey=1-26-102724-1

www.securityfocus.com/bid/21564

www.vupen.com/english/advisories/2006/4979

exchange.xforce.ibmcloud.com/vulnerabilities/30849

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2121

CVSS2

6.6

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:S/C:C/I:C/A:C

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

52.2%

JSON

Related for CVE-2006-6494