Vulnerability Name:

CVE-2006-4842 (CCN-29489)

Assigned:2006-10-11
Published:2006-10-11
Updated:2018-10-17
Summary:The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:3.6 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P)
3.0 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.9 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-20
Vulnerability Consequences:File Manipulation
References:Source: MITRE
Type: CNA
CVE-2006-4842

Source: IDEFENSE
Type: Vendor Advisory
20061011 Sun Microsystems Solaris NSPR Library Arbitrary File Creation Vulnerability

Source: CCN
Type: SA22348
Solaris Netscape Portable Runtime Privilege Escalation

Source: SECUNIA
Type: Vendor Advisory
22348

Source: CCN
Type: SECTRACK ID: 1017050
Netscape Portable Runtime API Environment Variable Lets Local Users Create Arbitrary Files

Source: SECTRACK
Type: UNKNOWN
1017050

Source: CCN
Type: Sun Alert ID: 102658
Security Vulnerability in the Netscape Portable Runtime (NSPR) API Affects Solaris

Source: SUNALERT
Type: UNKNOWN
102658

Source: CCN
Type: Netscape Portable Runtime Web site
Netscape Portable Runtime (NSPR)

Source: CCN
Type: OSVDB ID: 29610
Netscape Portable Runtime Arbitrary File Overwrite

Source: BUGTRAQ
Type: UNKNOWN
20061013 Re: iDefense Security Advisory 10.11.06: Sun Microsystems Solaris NSPR Library Arbitrary File Creation Vulnerability

Source: BID
Type: UNKNOWN
20471

Source: CCN
Type: BID-20471
Sun Solaris Netscape Portable Runtime API Local Privilege Escalation Vulnerability

Source: VUPEN
Type: Vendor Advisory
ADV-2006-4016

Source: XF
Type: UNKNOWN
nspr-api-file-create(29489)

Source: XF
Type: UNKNOWN
nspr-api-file-create(29489)

Source: CCN
Type: iDefense Labs PUBLIC ADVISORY: 10.11.06
Sun Microsystems Solaris NSPR Library Arbitrary File Creation Vulnerability

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1819

Source: CCN
Type: Packet Storm Security [09-18-2018]
Solaris libnspr NSPR_LOG_FILE Privilege Escalation

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [09-18-2018]

Source: EXPLOIT-DB
Type: UNKNOWN
45433

Vulnerable Configuration:Configuration 1:
  • cpe:/a:netscape:portable_runtime_api:4.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:portable_runtime_api:4.6.2:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:sun:solaris:10.0:*:sparc:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:mozilla:netscape_portable_runtime:4.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:netscape_portable_runtime:4.6.2:*:*:*:*:*:*:*
  • AND
  • cpe:/o:sun:solaris:10::sparc:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:1819
    V
    		Security Vulnerability in the Netscape Portable Runtime (NSPR) API Affects Solaris
    2007-09-27
    BACK
    netscape portable runtime api 4.6.1
    netscape portable runtime api 4.6.2
    sun solaris 10.0
    mozilla netscape portable runtime 4.6.1
    mozilla netscape portable runtime 4.6.2
    sun solaris 10