CVE-2006-4842
Netscape Portable Runtime (NSPR) API <4.6.3 - Local File Creation
Title source: llmDescription
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
Exploits (7)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubylocalsolaris
https://www.exploit-db.com/exploits/45433
exploitdb
WORKING POC
VERIFIED
by Marco Ivaldi · bashlocalsolaris
https://www.exploit-db.com/exploits/28789
exploitdb
WORKING POC
VERIFIED
by Marco Ivaldi · bashlocalsolaris
https://www.exploit-db.com/exploits/2641
exploitdb
WORKING POC
VERIFIED
by Marco Ivaldi · bashlocalsolaris
https://www.exploit-db.com/exploits/2569
exploitdb
WORKING POC
VERIFIED
by Marco Ivaldi · bashlocalsolaris
https://www.exploit-db.com/exploits/28788
exploitdb
WORKING POC
VERIFIED
by Marco Ivaldi · bashlocalsolaris
https://www.exploit-db.com/exploits/2543
metasploit
WORKING POC
EXCELLENT
by iDefense, Marco Ivaldi, bcoles · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/solaris/local/libnspr_nspr_log_file_priv_esc.rb
References (10)
Scores
EPSS
0.1220
EPSS Percentile
93.9%
Details
CWE
CWE-20
Status
published
Products (3)
netscape/portable_runtime_api
4.6.1
netscape/portable_runtime_api
4.6.2
sun/solaris
10.0
Published
Oct 12, 2006
Tracked Since
Feb 18, 2026