The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
netscape portable runtime api 4.6.2 |
||
netscape portable runtime api 4.6.1 |
||
sun solaris 10.0 |