Vulnerability Description
srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Solaris | 10.0 |
| Sun | Net Connect Software | 3.2.3 |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=531
- http://osvdb.org/35940
- http://secunia.com/advisories/25194Vendor Advisory
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102891-1Patch
- http://www.securityfocus.com/bid/23915Patch
- http://www.securitytracker.com/id?1018046
- http://www.vupen.com/english/advisories/2007/1769
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34223
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=531
- http://osvdb.org/35940
- http://secunia.com/advisories/25194Vendor Advisory
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102891-1Patch
- http://www.securityfocus.com/bid/23915Patch
- http://www.securitytracker.com/id?1018046
FAQ
What is CVE-2007-2617?
CVE-2007-2617 is a vulnerability with a CVSS score of 2.1 (LOW). srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of ...
How severe is CVE-2007-2617?
CVE-2007-2617 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2617?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Solaris, Sun Net Connect Software.