| CVE-2006-6495 | Date: (C)2006-12-12 (M)2023-12-22 |
Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in the format parameter of the doprf function. NOTE: this issue normally does not cross privilege boundaries, except in cases of external introduction of malicious message files, or if it is leveraged with other vulnerabilities such as CVE-2006-6494.
CVSS Score and Metrics +CVSS Score and Metrics -| CVSS V2 Severity: |
| CVSS Score : 6.6 |
| Exploit Score: 2.7 |
| Impact Score: 10.0 |
| |
| CVSS V2 Metrics: |
| Access Vector: LOCAL |
| Access Complexity: MEDIUM |
| Authentication: |
| Confidentiality: COMPLETE |
| Integrity: COMPLETE |
| Availability: COMPLETE |
| | |
