CVE-2007-2617

2007-05-1116:19:00

[email protected]

web.nvd.nist.gov

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.001

Percentile

30.4%

JSON

srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.

Affected configurations

Nvd

Node

sunsolarisMatch10.0sparc

AND

sunnet_connect_softwareMatch3.2.3

sunnet_connect_softwareMatch3.2.4

VendorProductVersionCPE
sunsolaris10.0cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*
sunnet_connect_software3.2.3cpe:2.3:a:sun:net_connect_software:3.2.3:*:*:*:*:*:*:*
sunnet_connect_software3.2.4cpe:2.3:a:sun:net_connect_software:3.2.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sun	solaris	10.0	cpe:2.3:o:sun:solaris:10.0::sparc:::::
sun	net_connect_software	3.2.3	cpe:2.3:a:sun:net_connect_software:3.2.3:::::::*
sun	net_connect_software	3.2.4	cpe:2.3:a:sun:net_connect_software:3.2.4:::::::*