Format String Vulnerability in Sun Remote Services Net Connect by Sun Microsystems
CVE-2007-3880

Currently unrated

Key Information:

Vendor: Oracle
Status: Net Connect Software
Vendor: CVE Published:; 14 November 2007

What is CVE-2007-3880?

A format string vulnerability exists in the srsexec component of Sun Remote Services Net Connect versions 3.2.3 and 3.2.4, which allows local users to exploit format string specifiers in input that is logged through the syslog service. This vulnerability may enable unauthorized privilege escalation, leading to significant security concerns for systems utilizing these affected versions.

References

http://sunsolve.sun.com/search/document.do?assetkey=1-26-...

vendor-advisoryx_refsource_SUNALERT

http://osvdb.org/40836

vdb-entryx_refsource_OSVDB

http://www.securitytracker.com/id?1018893

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Nov 14, 2007
Vulnerability Reserved
Jul 18, 2007

Oracle

What is CVE-2007-3880?

References

Timeline