ID CVE-2007-2617
Summary srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.
References
Vulnerable Configurations
  • cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*
  • cpe:2.3:a:sun:net_connect_software:3.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:net_connect_software:3.2.4:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 11-10-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  Vector: LOCAL
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: NONE
  Availability: NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:N/A:N
oval via4
accepted 2007-09-27T08:57:42.438-04:00
class vulnerability
contributors
name Pai Peng
organization Opsware, Inc.
definition_extensions
  • comment Solaris 8 (SPARC) is installed
    oval oval:org.mitre.oval:def:1539
  • comment Solaris 9 (SPARC) is installed
    oval oval:org.mitre.oval:def:1457
  • comment Solaris 10 (SPARC) is installed
    oval oval:org.mitre.oval:def:1440
  • comment Solaris 8 (x86) is installed
    oval oval:org.mitre.oval:def:2059
  • comment Solaris 9 (x86) is installed
    oval oval:org.mitre.oval:def:1683
  • comment Solaris 10 (x86) is installed
    oval oval:org.mitre.oval:def:1926
description srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.
family unix
id oval:org.mitre.oval:def:1920
status accepted
submitted 2007-08-10T12:25:19.000-04:00
title Security Vulnerability in Sun Remote Services (SRS) Net Connect Software
version 31
refmap via4
bid 23915
idefense 20070510 Sun Microsystems Solaris SRS Proxy Core srsexec Arbitrary File Read Vulnerability
osvdb 35940
sectrack 1018046
secunia 25194
sunalert 102891
vupen ADV-2007-1769
xf sunsrs-srsexec-information-disclosure(34223)
Last major update 11-10-2017 - 01:32
Published 11-05-2007 - 16:19