CVE-2005-2072

SUN Solaris - Access Control

Title source: rule

Description

The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Przemyslaw Frasunek · clocalsolaris

https://www.exploit-db.com/exploits/1074

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Przemyslaw Frasunek · clocalsolaris

https://www.exploit-db.com/exploits/1073

View Code ZIP pw:eip

References (9)

[Mailing List] http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034738.html

[Vendor Advisory] http://www.vupen.com/english/advisories/2005/0908

[Vendor Advisory] http://sunsolve.sun.com/search/document.do?assetkey=1-26-101794-1

[Various Sources] http://www.opensolaris.org/jive/thread.jspa?messageID=3497

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1014537

[Exploit] http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034731.html

[Vendor Advisory] http://secunia.com/advisories/15841

[Exploit] http://www.securityfocus.com/bid/14074

[Exploit] http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034730.html

Scores

EPSS 0.0029

EPSS Percentile 52.5%

Details

CWE

CWE-264

Status published

Products (4)

sun/solaris 8.0

sun/solaris 9.0 (2 CPE variants)

sun/solaris 10.0

sun/sunos 5.8

Published Jun 29, 2005

Tracked Since Feb 18, 2026