CVE-2006-4842
Netscape Portable Runtime (NSPR) API <4.6.3 - Local File Creation
Exploitation Summary
EIP tracks 7 public exploits for CVE-2006-4842.
PoCs published by Metasploit, Marco Ivaldi, iDefense, Marco Ivaldi, bcoles, including Metasploit module exploits/solaris/local/libnspr_nspr_log_file_priv_esc.
AI-analyzed exploit summary: This Metasploit module exploits CVE-2006-4842, a privilege escalation vulnerability in Solaris libnspr (NSPR_LOG_FILE) by writing a shared object to a trusted directory and leveraging an SUID binary to gain root privileges.
Description
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
Exploits (7)
This Metasploit module exploits CVE-2006-4842, a privilege escalation vulnerability in Solaris libnspr (NSPR_LOG_FILE) by writing a shared object to a trusted directory and leveraging an SUID binary to gain root privileges.
This exploit leverages a design error in NSPR (CVE-2006-4842) on Solaris 10, where environment variables are used to create log files with elevated privileges. It creates a malicious shared library with a constructor that spawns a root shell when loaded by a setuid binary.
This exploit leverages a design error in NSPR (CVE-2006-4842) on Solaris 10 to create or overwrite arbitrary files with elevated privileges. It uses environment variables to manipulate log file creation and a shared library with a constructor to execute arbitrary code as root.
This exploit leverages a design error in NSPR (CVE-2006-4842) on Solaris 10, where environment variables are used to create log files with elevated privileges. It compiles a malicious shared library to override `getuid()` and escalates privileges via `LD_PRELOAD`.
This exploit leverages a design error in the Netscape Portable Runtime (NSPR) API on Solaris 10, where environment variables are used to create log files with elevated privileges. By manipulating the NSPR_LOG_FILE variable, an attacker can overwrite arbitrary files (e.g., /.rhosts) to gain root access via rsh.
This exploit leverages a design error in NSPR (CVE-2006-4842) on Solaris 10, where environment variables control log file creation, allowing arbitrary file writes with elevated privileges. It abuses setuid binaries to overwrite /.rhosts and gain root access via rsh.
This Metasploit module exploits a privilege escalation vulnerability in Solaris libnspr (CVE-2006-4842) by leveraging the NSPR_LOG_FILE environment variable to create arbitrary files with elevated privileges. It writes a shared object to a trusted library directory and executes a SUID binary to gain root access.