Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-4842Improper Input Validation in Portable Runtime API

CWE-20Improper Input ValidationCWE-270Privilege Context Switching Error13 documents7 sources
Severity
3.6LOWNVD
EPSS
12.2%
top 6.14%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Netscape Portable Runtime APISUN Solaris
Timeline
PublishedOct 12
Latest updateMay 1

Description

The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.

CVSS vector

AV:L/AC:L/C:N/I:P/A:PExploitability: 3.9 | Impact: 4.9

Affected Packages2 packages

NVDnetscape/portable_runtime_api4.6.1, 4.6.2+1
NVDsun/solaris10.0

🔴Vulnerability Details

2
GHSA
GHSA-c7x4-3f9v-h9qf: The Netscape Portable Runtime (NSPR) API 42022-05-01
CVEList
CVE-2006-4842: The Netscape Portable Runtime (NSPR) API 42006-10-12

💥Exploits & PoCs

7
Exploit-DB
Solaris - libnspr NSPR_LOG_FILE Privilege Escalation (Metasploit)2018-09-18
Exploit-DB
Sun Solaris Netscape Portable Runtime API 4.6.1 - Local Privilege Escalation (2)2006-10-24
Exploit-DB
Solaris 10 libnspr - 'Constructor' Arbitrary File Creation Privilege Escalation (3)2006-10-24
Exploit-DB
Solaris 10 libnspr - 'LD_PRELOAD' Arbitrary File Creation Privilege Escalation (2)2006-10-16
Exploit-DB
Sun Solaris Netscape Portable Runtime API 4.6.1 - Local Privilege Escalation (1)2006-10-13

📋Vendor Advisories

1
Red Hat
nspr: setuid root programs linked with NSPR allow elevation of privilege2006-09-05

💬Community

2
Bugzilla
CVE-2006-4842 nspr: setuid root programs linked with NSPR allow elevation of privilege2015-08-14
Bugzilla
Incorrect check for SUID/SGID/fscaps programs2015-08-14
CVE-2006-4842 — Improper Input Validation | cvebase