A security vulnerability in the Netscape Portable Runtime (NSPR) API may allow a local unprivileged user to overwrite or create any file on the system which could lead to privilege escalation or a Denial of Service (DoS).

Additional information regarding this issue is available at:

• CVE-2006-4842 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4842
• iDefense Advisory 10.11.06 available at: http://www.idefense.com/intelligence/vulnerabilities/display.php?id=418

Sun acknowledges with thanks, iDefense (http://www.idefense.com), for bringing this issue to our attention.

iDefense credits an anonymous researcher working with the iDefense Vulnerability Contributor Program for the discovery of this issue.

This issue can occur in the following releases:

SPARC Platform

• Solaris 10 without patch 119213-10

x86 Platform

• Solaris 10 without patch 119214-10

Note: Solaris 8 and Solaris 9 are not impacted by this issue. However, third party software may use NSPR. This third party software would need to be setuid to be vulnerable. Please contact your Vendor.

There are no predictable symptoms that would show the described issue has been exploited, as it depends on which file is overwritten or created.

There is no workaround.  Please see Resolution section below.

This issue is addressed in the following releases:

SPARC Platform

• Solaris 10 with patch 119213-10 or later

x86 Platform

• Solaris 10 with patch 119214-10 or later

Note: Solaris 8 and Solaris 9 are not impacted by this issue. However, you can download the following patches to fix potential third party software vulnerabilities.

SPARC Platform

• Solaris 8 with patch 119209-10 or later
• Solaris 9 with patch 119211-10 or later

x86 Platform

• Solaris 9 with patch 119212-10 or later

Linux Platform

• Patch 121656-10 or later

HP-UX Platform

• Patch 124379-01 or later

Note: NSPR is not available for Solaris 8 on the x86 platform.

This solution has no attachment