File Permission Weakness in Sun Solaris 10 by Sun Microsystems
CVE-2007-2617

Currently unrated

Key Information:

Vendor: Oracle
Status: Net Connect Software
Vendor: CVE Published:; 11 May 2007

What is CVE-2007-2617?

The Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 contains a vulnerability whereby the srsexec command does not properly enforce file permissions. This oversight allows local users to exploit the -d and -v options to read the first line of any arbitrary file on the system, potentially exposing sensitive information and leading to information disclosure risks.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://osvdb.org/35940

vdb-entryx_refsource_OSVDB

http://www.securitytracker.com/id?1018046

vdb-entryx_refsource_SECTRACK

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 11, 2007
Vulnerability Reserved
May 11, 2007

Oracle

What is CVE-2007-2617?

References

EPSS Score

Timeline