CVE-2006-4842
Netscape Portable Runtime (NSPR) API <4.6.3 - Local File Creation
Title source: llmDescription
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
Exploits (7)
metasploit
WORKING POC
EXCELLENT
by iDefense, Marco Ivaldi, bcoles · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/solaris/local/libnspr_nspr_log_file_priv_esc.rb
exploitdb
WORKING POC
VERIFIED
by Marco Ivaldi · bashlocalsolaris
https://www.exploit-db.com/exploits/28789
exploitdb
WORKING POC
VERIFIED
by Marco Ivaldi · bashlocalsolaris
https://www.exploit-db.com/exploits/28788
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubylocalsolaris
https://www.exploit-db.com/exploits/45433
exploitdb
WORKING POC
VERIFIED
by Marco Ivaldi · bashlocalsolaris
https://www.exploit-db.com/exploits/2641
exploitdb
WORKING POC
VERIFIED
by Marco Ivaldi · bashlocalsolaris
https://www.exploit-db.com/exploits/2543
exploitdb
WORKING POC
VERIFIED
by Marco Ivaldi · bashlocalsolaris
https://www.exploit-db.com/exploits/2569
References (10)
Scores
EPSS
0.1220
EPSS Percentile
93.7%
Classification
CWE
CWE-20
Status
draft
Affected Products (3)
netscape/portable_runtime_api
netscape/portable_runtime_api
sun/solaris
Timeline
Published
Oct 12, 2006
Tracked Since
Feb 18, 2026