CVE-2005-2072 - Vulnerability Details - OpenCVE

The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sun	Solaris Sunos

Configuration 1 [-]

OR	cpe:2.3:o:sun:solaris:8.0::x86:::::
	cpe:2.3:o:sun:solaris:9.0::sparc:::::
	cpe:2.3:o:sun:solaris:9.0::x86:::::
	cpe:2.3:o:sun:solaris:10.0::sparc:::::
	cpe:2.3:o:sun:sunos:5.8:::::::*

No data.

References

Link	Providers
http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034730.html
http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034731.html
http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034738.html
http://secunia.com/advisories/15841
http://securitytracker.com/id?1014537
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101794-1
http://www.opensolaris.org/jive/thread.jspa?messageID=3497
http://www.securityfocus.com/bid/14074
http://www.vupen.com/english/advisories/2005/0908

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-06-29T04:00:00

Updated: 2024-08-07T22:15:36.875Z

Reserved: 2005-06-29T00:00:00

Link: CVE-2005-2072

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2005-06-29T04:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2005-2072

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-06-28T00:00:00", "descriptions": [{"lang": "en", "value": "The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2006-05-09T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2005-0908", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2005/0908"}, {"name": "101794", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101794-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.opensolaris.org/jive/thread.jspa?messageID=3497"}, {"name": "1014537", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1014537"}, {"name": "20050628 Solaris 9/10 ld.so fun", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034731.html"}, {"name": "15841", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/15841"}, {"name": "14074", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/14074"}, {"name": "20050628 Solaris 9/10 ld.so fun", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034730.html"}, {"name": "20050628 Solaris 9/10 ld.so fun", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034738.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2072", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2005-0908", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/0908"}, {"name": "101794", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101794-1"}, {"name": "http://www.opensolaris.org/jive/thread.jspa?messageID=3497", "refsource": "CONFIRM", "url": "http://www.opensolaris.org/jive/thread.jspa?messageID=3497"}, {"name": "1014537", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014537"}, {"name": "20050628 Solaris 9/10 ld.so fun", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034731.html"}, {"name": "15841", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/15841"}, {"name": "14074", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14074"}, {"name": "20050628 Solaris 9/10 ld.so fun", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034730.html"}, {"name": "20050628 Solaris 9/10 ld.so fun", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034738.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T22:15:36.875Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2005-0908", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2005/0908"}, {"name": "101794", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101794-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.opensolaris.org/jive/thread.jspa?messageID=3497"}, {"name": "1014537", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1014537"}, {"name": "20050628 Solaris 9/10 ld.so fun", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034731.html"}, {"name": "15841", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/15841"}, {"name": "14074", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/14074"}, {"name": "20050628 Solaris 9/10 ld.so fun", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034730.html"}, {"name": "20050628 Solaris 9/10 ld.so fun", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034738.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2072", "datePublished": "2005-06-29T04:00:00", "dateReserved": "2005-06-29T00:00:00", "dateUpdated": "2024-08-07T22:15:36.875Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "matchCriteriaId": "1894C542-AA81-40A9-BF47-AE24C93C1ACB", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "matchCriteriaId": "A711CDC2-412C-499D-9FA6-7F25B06267C6", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", "matchCriteriaId": "0B837BB7-5F62-4CD5-9C64-8553C28EA8A7", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*", "matchCriteriaId": "7BF232A9-9E0A-481E-918D-65FC82EF36D8", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "A2475113-CFE4-41C8-A86F-F2DA6548D224", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT."}], "id": "CVE-2005-2072", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-06-29T04:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034730.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034731.html"}, {"source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034738.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/15841"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1014537"}, {"source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101794-1"}, {"source": "cve@mitre.org", "url": "http://www.opensolaris.org/jive/thread.jspa?messageID=3497"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/14074"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2005/0908"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034730.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034731.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034738.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/15841"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1014537"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101794-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.opensolaris.org/jive/thread.jspa?messageID=3497"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/14074"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2005/0908"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}