Definition

Security Vulnerability in the Netscape Portable Runtime (NSPR) API Affects Solaris

oval:org.mitre.oval:def:1819

The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2 as used in Sun Solaris 10 trusts user-specified environment variables for specifying log files even when running from setuid programs which allows local users to create or overwrite arbitrary files.

Family:

unix

Status:

ACCEPTED

Platform(s):

Sun Solaris 10

Class:

vulnerability

Reference(s):

CVE-2006-4842

Product(s):