The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00292
Percentile: 0.5222

CVSS Scoring

Affected Products

• cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*
• cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
• cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*
• cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*
• cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*

← Back to Home