Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-2072Uncontrolled Search Path Element in Solaris

CWE-264CWE-427Uncontrolled Search Path Element6 documents5 sources
Severity
7.2HIGHNVD
EPSS
0.3%
top 47.37%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
SUN SolarisSUN Sunos
Timeline
PublishedJun 29
Latest updateMay 1

Description

The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

NVDsun/solaris10.0, 8.0, 9.0+2
NVDsun/sunos5.8

🔴Vulnerability Details

2
GHSA
GHSA-xvp7-pvpj-c69f: The runtime linker (ld2022-05-01
CVEList
CVE-2005-2072: The runtime linker (ld2005-06-29

💥Exploits & PoCs

2
Exploit-DB
Solaris 9/10 - 'ld.so' Local Privilege Escalation (2)2005-06-28
Exploit-DB
Solaris 9/10 - 'ld.so' Local Privilege Escalation (1)2005-06-28

📐Framework References

1
CWE
Uncontrolled Search Path Element
CVE-2005-2072 — Uncontrolled Search Path Element | cvebase