Unrated severityNVD Advisory· Published Dec 13, 2006· Updated Jun 16, 2026
CVE-2006-6494
CVE-2006-6494
Description
Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a .. (dot dot) sequence in the LANG environment variable that points to a locale file containing attacker-controlled format string specifiers.
Affected products
4cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*+ 2 more
- cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*
- cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
- (no CPE)range: 8, 9, 10
- cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
8- labs.idefense.com/intelligence/vulnerabilities/display.phpnvdPatchVendor Advisory
- sunsolve.sun.com/search/document.donvdPatch
- secunia.com/advisories/23317nvd
- securitytracker.com/idnvd
- www.securityfocus.com/bid/21564nvd
- www.vupen.com/english/advisories/2006/4979nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/30849nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2121nvd
News mentions
0No linked articles in our index yet.