CVSS: 3.6EPSS: 0%CPEs: 3EXPL: 7CVE-2006-4842 – Solaris libnspr NSPR_LOG_FILE Privilege Escalation
https://notcve.org/view.php?id=CVE-2006-4842
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files. Las API 4.6.1 y 4.6.2 de Netscape Portable Runtime (NSPR), usadas en Sun Solaris 10, permiten variables de entorno definidas por el usuario para especificar ficheros de traza incluso cuando se ejecutan desde programas Setuid, que permiten a los usuarios locales crear o sobre-escribir ficheros de su elección. • https://www.exploit-db.com/exploits/2641 https://www.exploit-db.com/exploits/2543 https://www.exploit-db.com/exploits/2569 https://www.exploit-db.com/exploits/45433 https://www.exploit-db.com/exploits/28789 https://www.exploit-db.com/exploits/28788 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=418 http://secunia.com/advisories/22348 http://securitytracker.com/id?1017050 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102658-1 http://w • CWE-20: Improper Input Validation •
CVSS: 3.6EPSS: 0%CPEs: 1EXPL: 0CVE-2006-5213
https://notcve.org/view.php?id=CVE-2006-5213
Sun Solaris 10 before 20061006 uses "incorrect and insufficient permission checks" that allow local users to intercept or spoof packets by creating a raw socket on a link aggregation (network device aggregation). Sun Solaris 10 anterior a 06/10/2006 usa "validaciones de permisos incorrectos e insuficienets" que permiten a un usuario local intereceptar o suplantar páquetes a través de la creación de un conector (socket) abierto sobre una agregación del enlace (agregación de dispositivo de red) • http://secunia.com/advisories/22246 http://secunia.com/advisories/22992 http://securitytracker.com/id?1017013 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102606-1 http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm http://www.securityfocus.com/bid/20377 http://www.vupen.com/english/advisories/2006/3961 https://exchange.xforce.ibmcloud.com/vulnerabilities/29381 •
CVSS: 2.6EPSS: 0%CPEs: 54EXPL: 0CVE-2006-5215
https://notcve.org/view.php?id=CVE-2006-5215
The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file. La secuencia de comandos Xsession, tambien usado por X Display Manager (xdm) en NetBSD anterior a 12/02/2006, X.Org anterior a 17/03/2006, y Solaris 8 hasta la 10 anterior a 06/10/2006, permiten a un usuario local sobre escribir archivos de su elección, o leer otros ficheros de errores de usuarios de Xsession, a través de un ataque de enlaces simbólicos sobre un archivo/tmp/xses-$USER. • http://secunia.com/advisories/22992 http://securitytracker.com/id?1017015 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102652-1 http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=32805 https://bugs.freedesktop.org/show_bug.cgi?id=5898 https://exchange.xforce.ibmcloud.com/vulnerabilities/29427 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2205 •
CVSS: 1.2EPSS: 0%CPEs: 5EXPL: 0CVE-2006-5214
https://notcve.org/view.php?id=CVE-2006-5214
Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users. Condición de carrera en la secuencia de comandos Xsession, usada por el Administrador de pantalla X (X Display Manager, xdm) en NetBSD anerior al 12/02/2006, X.Org anterior al 25/02/2006, y Solaris 8 hasta 10 anterior a 06/10/2006, provoca que el archivo de errores de Xsession tenga permisos débiles antes de que se ejecute chmod, lo que permite a atacantes remotos leer archivos de errores de Xsession de otros usuarios. • http://secunia.com/advisories/22323 http://secunia.com/advisories/22439 http://secunia.com/advisories/22469 http://secunia.com/advisories/22992 http://securitytracker.com/id?1017015 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102652-1 http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=32804 http://www.securityfocus.com/bid/20400 http://www.ubuntu.com/usn/usn-364-1 http://www.vupen.com •
CVSS: 4.0EPSS: 1%CPEs: 95EXPL: 0CVE-2006-5201
https://notcve.org/view.php?id=CVE-2006-5201
Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1. Múltiples paquetes sobre Sun Solaris, incluyendo (1) NSS; (2) Java JDK and JRE 5.0 Update 8 y anteriores, SDK y JRE 1.4.x hasta 1.4.2_12, y SDK y JRE 1.3.x hasta 1.3.1_19; (3) JSSE 1.0.3_03 y anteriores; (4) IPSec/IKE; (5) Secure Global Desktop; y (6) StarOffice, cuando se usa una llave RSA con un exponente 3, elimina el relleno PKCS-1 antes de generar un hash, lo cual permite a un atacante remoto falsificar una firma PKCS #1 v1.5 que esta firmada por una llave RSA y evita que estos productos verifiquen correctamente X.509 y otros certificados que utilicen PKCS #1. • http://secunia.com/advisories/22204 http://secunia.com/advisories/22226 http://secunia.com/advisories/22325 http://secunia.com/advisories/22992 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1 http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm http://www.kb.cert.org/vuls/id/845620 http://www.vupen.com/english/advisories/2006/3898 http://www.vupen.com/english/advisories/2006&# •