CVE-2005-2072

Name of the Vulnerable Software and Affected Versions: Solaris versions 8 through 10

Description: The issue concerns the runtime linker (ld.so) in Solaris, which trusts the LD AUDIT environment variable in setuid or setgid programs. This trust allows local users to potentially gain privileges by modifying LD AUDIT to reference malicious code. Additionally, using a long value for LD AUDIT may be exploited.

Recommendations: For Solaris versions 8 through 10, consider restricting the use of the LD AUDIT environment variable in setuid or setgid programs to minimize the risk of exploitation. As a temporary workaround, avoid using long values for LD AUDIT until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.