CVE-2006-4842

Impact: Important
Public Date: 2006-09-05
CWE: CWE-269
Bugzilla: 1253692: CVE-2006-4842 nspr: setuid root programs linked with NSPR allow elevation of privilege

The MITRE CVE dictionary describes this issue as:

The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.

Find out more about CVE-2006-4842 from the MITRE CVE dictionary and NIST NVD.

Statement

This issue also affects other operating systems that use NSPR. However, Red Hat does not ship any setuid or setgid application linked against NSPR and therefore is not vulnerable to this issue.
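The flaw class described above (a library honouring a log-file environment variable inside a setuid or setgid process) is shown here next to a hardened form. This is an added example, not NSPR's code or its fix; the variable name `EXAMPLE_LOG_FILE` and all function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical variable name for this example; it is not taken from the page. */
#define EXAMPLE_LOG_ENV "EXAMPLE_LOG_FILE"

/* True when real and effective IDs differ, i.e. the process runs setuid or
 * setgid and holds privileges that its invoker does not. */
int ids_are_elevated(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Flawed shape: whatever path the invoking user exported is accepted. */
const char *log_path_trusting(const char *env_value)
{
    return (env_value != NULL && env_value[0] != '\0') ? env_value : NULL;
}

/* Hardened shape: an elevated process never takes a log path from the
 * environment. NULL means "do not open a caller-chosen log file". */
const char *log_path_checked(const char *env_value, int elevated)
{
    if (elevated)
        return NULL;
    return log_path_trusting(env_value);
}

int main(void)
{
    int elevated = ids_are_elevated(getuid(), geteuid(), getgid(), getegid());
    const char *path = log_path_checked(getenv(EXAMPLE_LOG_ENV), elevated);

    printf("elevated=%d log=%s\n", elevated, path ? path : "(disabled)");
    return 0;
}
```

On glibc, `secure_getenv()` applies the same rule inside the C library, returning NULL when the process requires secure execution.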

Affected Packages State

| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 7 | nspr | Not affected |
| Red Hat Enterprise Linux 6 | nspr | Not affected |
| Red Hat Enterprise Linux 5 | nspr | Not affected |
| Red Hat Enterprise Linux 4 | nspr | Not affected |

Last Modified

CVE description copyright © 2017, The MITRE Corporation
