ID CVE-2003-0027
Summary Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.
References
Vulnerable Configurations
  • cpe:2.3:o:sun:solaris:2.5.1:-:x86
    cpe:2.3:o:sun:solaris:2.5.1:-:x86
  • Sun Solaris 2.6
    cpe:2.3:o:sun:solaris:2.6
  • cpe:2.3:o:sun:solaris:7.0:-:x86
    cpe:2.3:o:sun:solaris:7.0:-:x86
  • cpe:2.3:o:sun:solaris:8.0:-:x86
    cpe:2.3:o:sun:solaris:8.0:-:x86
  • cpe:2.3:o:sun:solaris:9.0:-:sparc
    cpe:2.3:o:sun:solaris:9.0:-:sparc
  • cpe:2.3:o:sun:solaris:9.0:x86_update_2
    cpe:2.3:o:sun:solaris:9.0:x86_update_2
  • Sun SunOS (formerly Solaris)
    cpe:2.3:o:sun:sunos
  • Sun Microsystems Solaris 2.5.1
    cpe:2.3:o:sun:sunos:5.5.1
  • Sun Microsystems Solaris 7
    cpe:2.3:o:sun:sunos:5.7
  • Sun SunOS (Solaris 8) 5.8
    cpe:2.3:o:sun:sunos:5.8
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
metasploit via4
description This module targets a directory traversal vulnerability in the kcms_server component from the Kodak Color Management System. By utilizing the ToolTalk Database Server\'s TT_ISBUILD procedure, an attacker can bypass existing directory traversal validation and read arbitrary files. Vulnerable systems include Solaris 2.5 - 9 SPARC and x86. Both kcms_server and rpc.ttdbserverd must be running on the target host.
id MSF:AUXILIARY/ADMIN/SUNRPC/SOLARIS_KCMS_READFILE
last seen 2019-03-16
modified 2017-07-24
published 2010-06-24
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/sunrpc/solaris_kcms_readfile.rb
title Solaris KCMS + TTDB Arbitrary File Read
oval via4
  • accepted 2007-04-25T19:52:14.919-04:00
    class vulnerability
    contributors
    • name David Proulx
      organization The MITRE Corporation
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Dragos Prisaca
      organization Secure Elements, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    description Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.
    family unix
    id oval:org.mitre.oval:def:120
    status deprecated
    submitted 2003-01-30T12:00:00.000-04:00
    title Solaris 7 KCMS Arbitrary File Access Vulnerability
    version 32
  • accepted 2007-04-25T19:52:21.718-04:00
    class vulnerability
    contributors
    • name David Proulx
      organization The MITRE Corporation
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Dragos Prisaca
      organization Secure Elements, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    description Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.
    family unix
    id oval:org.mitre.oval:def:195
    status deprecated
    submitted 2003-01-24T12:00:00.000-04:00
    title Solaris 8 KCMS Arbitrary File Access Vulnerability
    version 32
  • accepted 2010-09-20T04:00:20.237-04:00
    class vulnerability
    contributors
    • name Brian Soby
      organization The MITRE Corporation
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Dragos Prisaca
      organization Secure Elements, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    description Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.
    family unix
    id oval:org.mitre.oval:def:2592
    status accepted
    submitted 2005-01-19T12:00:00.000-04:00
    title KCMS KCS_OPEN_PROFILE File Disclosure Vulnerability
    version 35
refmap via4
bid 6665
bugtraq 20030122 Entercept Ricochet Advisory: Sun Solaris KCMS Library Service Daemon Arbitrary File Retrieval Vulner
cert-vn VU#850785
misc http://www.entercept.com/news/uspr/01-22-03.asp
sunalert 50104
xf solaris-kcms-directory-traversal(11129)
Last major update 17-10-2016 - 22:28
Published 07-02-2003 - 00:00
Last modified 30-10-2018 - 12:26
Back to Top