ID CVE-2007-2617
Summary srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.
References
Vulnerable Configurations
  • cpe:2.3:o:sun:solaris:10.0:-:sparc
  • Sun Net Connect Software 3.2.3
    cpe:2.3:a:sun:net_connect_software:3.2.3
  • Sun Net Connect Software 3.2.4
    cpe:2.3:a:sun:net_connect_software:3.2.4
CVSS
Base: 2.1 (as of 14-05-2007 - 10:53)
Impact:
Exploitability:
Access
Vector LOCAL
Complexity LOW
Authentication NONE
Impact
Confidentiality PARTIAL
Integrity NONE
Availability NONE
exploit-db via4
description Sun Microsystems Solaris SRSEXEC 3.2.x Arbitrary File Read Local Information Disclosure Vulnerability. CVE-2007-2617. Local exploit for solaris platform
id EDB-ID:30021
last seen 2016-02-03
modified 2007-05-10
published 2007-05-10
reporter anonymous
source https://www.exploit-db.com/download/30021/
title Sun Microsystems Solaris SRSEXEC 3.2.x - Arbitrary File Read Local Information Disclosure Vulnerability
metasploit via4
description This module exploits a vulnerability in NetCommander 3.2.3 and 3.2.5. When srsexec is executed in debug (-d) verbose (-v) mode, the first line of an arbitrary file can be read due to the suid bit set. The most widely accepted exploitation vector is reading /etc/shadow, which will reveal root's hash for cracking.
id MSF:POST/SOLARIS/ESCALATE/SRSEXEC_READLINE
last seen 2018-10-08
modified 2018-09-21
published 2018-09-13
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/post/solaris/escalate/srsexec_readline.rb
title Solaris srsexec Arbitrary File Reader
nessus via4
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_123870.NASL
    description NetConnect 3.2.4: srsproxy/srsexec patch for Solaris 8/9/10. Date this patch was last updated by Sun : Nov/01/07
    last seen 2018-09-01
    modified 2014-08-30
    plugin id 25279
    published 2007-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25279
    title Solaris 8 (sparc) : 123870-05
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_123870.NASL
    description NetConnect 3.2.4: srsproxy/srsexec patch for Solaris 8/9/10. Date this patch was last updated by Sun : Nov/01/07 This plugin has been deprecated and either replaced with individual 123870 patch-revision plugins, or deemed non-security related.
    last seen 2019-01-16
    modified 2018-07-30
    plugin id 25273
    published 2007-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25273
    title Solaris 10 (sparc) : 123870-05 (deprecated)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_123870.NASL
    description NetConnect 3.2.4: srsproxy/srsexec patch for Solaris 8/9/10. Date this patch was last updated by Sun : Nov/01/07
    last seen 2018-09-02
    modified 2014-08-30
    plugin id 25283
    published 2007-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25283
    title Solaris 9 (sparc) : 123870-05
oval via4
accepted 2007-09-27T08:57:42.438-04:00
class vulnerability
contributors
name Pai Peng
organization Opsware, Inc.
definition_extensions
  • comment Solaris 8 (SPARC) is installed
    oval oval:org.mitre.oval:def:1539
  • comment Solaris 9 (SPARC) is installed
    oval oval:org.mitre.oval:def:1457
  • comment Solaris 10 (SPARC) is installed
    oval oval:org.mitre.oval:def:1440
  • comment Solaris 8 (x86) is installed
    oval oval:org.mitre.oval:def:2059
  • comment Solaris 9 (x86) is installed
    oval oval:org.mitre.oval:def:1683
  • comment Solaris 10 (x86) is installed
    oval oval:org.mitre.oval:def:1926
description srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.
family unix
id oval:org.mitre.oval:def:1920
status accepted
submitted 2007-08-10T12:25:19.000-04:00
title Security Vulnerability in Sun Remote Services (SRS) Net Connect Software
version 31
refmap via4
bid 23915
idefense 20070510 Sun Microsystems Solaris SRS Proxy Core srsexec Arbitrary File Read Vulnerability
osvdb 35940
sectrack 1018046
secunia 25194
sunalert 102891
vupen ADV-2007-1769
xf sunsrs-srsexec-information-disclosure(34223)
Last major update 07-03-2011 - 21:54
Published 11-05-2007 - 12:19
Last modified 10-10-2017 - 21:32