CVE-CVE-2006-4842 | UNKNOWN Severity | CVEDatabase.com

Description

The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.

CVSS Metrics

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P
Access Vector: local
Access Cmplx: low
Auth: none
Confidentiality: none
Integrity: partial
Availability: partial
Weaknesses: CWE-20

Metadata

Primary Vendor: NETSCAPE
Published: 10/12/2006
Last Modified: 4/9/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

netscape : portable_runtime_apinetscape : portable_runtime_apisun : solaris

AI-Powered Remediation

Generate remediation guidance or a C-suite brief for this vulnerability.

Executive Intelligence Brief

View on NIST NVD