CVE-2007-2617

Sažetak

srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.

Reference

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=531
http://osvdb.org/35940
http://secunia.com/advisories/25194
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102891-1
http://www.securityfocus.com/bid/23915
http://www.securitytracker.com/id?1018046
http://www.vupen.com/english/advisories/2007/1769
https://exchange.xforce.ibmcloud.com/vulnerabilities/34223
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1920

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

11-10-2017 - 01:32

Objavljeno

11-05-2007 - 16:19