The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
Exploitability
AV:LAC:LAu:NImpact
C:NI:PA:P3.6/AV:L/AC:L/Au:N/C:N/I:P/A:P