VYPR
Unrated severityNVD Advisory· Published Dec 13, 2006· Updated Jun 16, 2026

CVE-2006-6494

CVE-2006-6494

Description

Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a .. (dot dot) sequence in the LANG environment variable that points to a locale file containing attacker-controlled format string specifiers.

Affected products

4
  • cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*+ 2 more
    • cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*
    • cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
    • (no CPE)range: 8, 9, 10
  • cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.