CVE-2007-2617

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-2617
srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.

2.1 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=531
http://osvdb.org/35940
http://secunia.com/advisories/25194 Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102891-1 Patch
http://www.securityfocus.com/bid/23915 Patch
http://www.securitytracker.com/id?1018046
http://www.vupen.com/english/advisories/2007/1769
https://exchange.xforce.ibmcloud.com/vulnerabilities/34223
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1920
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=531
http://osvdb.org/35940
http://secunia.com/advisories/25194 Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102891-1 Patch
http://www.securityfocus.com/bid/23915 Patch
http://www.securitytracker.com/id?1018046
http://www.vupen.com/english/advisories/2007/1769
https://exchange.xforce.ibmcloud.com/vulnerabilities/34223
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1920
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*
OR cpe:2.3:a:sun:net_connect_software:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:sun:net_connect_software:3.2.4:*:*:*:*:*:*:*
History

21 Nov 2024, 00:31

Type Values Removed Values Added
References () http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=531 - () http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=531 -
References () http://osvdb.org/35940 - () http://osvdb.org/35940 -
References () http://secunia.com/advisories/25194 - Vendor Advisory () http://secunia.com/advisories/25194 - Vendor Advisory
References () http://sunsolve.sun.com/search/document.do?assetkey=1-26-102891-1 - Patch () http://sunsolve.sun.com/search/document.do?assetkey=1-26-102891-1 - Patch
References () http://www.securityfocus.com/bid/23915 - Patch () http://www.securityfocus.com/bid/23915 - Patch
References () http://www.securitytracker.com/id?1018046 - () http://www.securitytracker.com/id?1018046 -
References () http://www.vupen.com/english/advisories/2007/1769 - () http://www.vupen.com/english/advisories/2007/1769 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/34223 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/34223 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1920 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1920 -
Information

Published : 2007-05-11 16:19

Updated : 2024-11-21 00:31

NVD link : CVE-2007-2617

Mitre link : CVE-2007-2617

CVE.ORG link : CVE-2007-2617

JSON object : View

Products Affected

sun

  • solaris
  • net_connect_software
CWE
NVD-CWE-Other

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024