ID CVE-2003-0027
Summary Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.
References
Vulnerable Configurations
  • cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*
    cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*
  • cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*
    cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*
  • cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*
    cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*
  • cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*
    cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*
  • cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
    cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
  • cpe:2.3:o:sun:solaris:9.0:x86_update_2:*:*:*:*:*:*
    cpe:2.3:o:sun:solaris:9.0:x86_update_2:*:*:*:*:*:*
  • cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*
    cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*
  • cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*
    cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*
  • cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*
    cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*
  • cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
    cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 30-10-2018 - 16:26)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
oval via4
  • accepted 2007-04-25T19:52:14.919-04:00
    class vulnerability
    contributors
    • name David Proulx
      organization The MITRE Corporation
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Dragos Prisaca
      organization Secure Elements, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    description Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.
    family unix
    id oval:org.mitre.oval:def:120
    status deprecated
    submitted 2003-01-30T12:00:00.000-04:00
    title Solaris 7 KCMS Arbitrary File Access Vulnerability
    version 32
  • accepted 2007-04-25T19:52:21.718-04:00
    class vulnerability
    contributors
    • name David Proulx
      organization The MITRE Corporation
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Dragos Prisaca
      organization Secure Elements, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    description Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.
    family unix
    id oval:org.mitre.oval:def:195
    status deprecated
    submitted 2003-01-24T12:00:00.000-04:00
    title Solaris 8 KCMS Arbitrary File Access Vulnerability
    version 32
  • accepted 2010-09-20T04:00:20.237-04:00
    class vulnerability
    contributors
    • name Brian Soby
      organization The MITRE Corporation
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Dragos Prisaca
      organization Secure Elements, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    description Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.
    family unix
    id oval:org.mitre.oval:def:2592
    status accepted
    submitted 2005-01-19T12:00:00.000-04:00
    title KCMS KCS_OPEN_PROFILE File Disclosure Vulnerability
    version 35
refmap via4
bid 6665
bugtraq 20030122 Entercept Ricochet Advisory: Sun Solaris KCMS Library Service Daemon Arbitrary File Retrieval Vulner
cert-vn VU#850785
misc http://www.entercept.com/news/uspr/01-22-03.asp
sunalert 50104
xf solaris-kcms-directory-traversal(11129)
Last major update 30-10-2018 - 16:26
Published 07-02-2003 - 05:00
Back to Top