Vulnerability Description
rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call certain helper applications, which allows local users to gain privileges by creating files with certain names, possibly containing shell metacharacters or spaces, a similar issue to CVE-2006-0225.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Sunos | 5.8 |
References
- http://osvdb.org/36611
- http://secunia.com/advisories/26024Vendor Advisory
- http://secunia.com/advisories/26210
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102978-1Patch
- http://support.avaya.com/elmodocs2/security/ASA-2007-319.htm
- http://www.vupen.com/english/advisories/2007/2494
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35334
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://osvdb.org/36611
- http://secunia.com/advisories/26024Vendor Advisory
- http://secunia.com/advisories/26210
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102978-1Patch
- http://support.avaya.com/elmodocs2/security/ASA-2007-319.htm
- http://www.vupen.com/english/advisories/2007/2494
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35334
FAQ
What is CVE-2007-3717?
CVE-2007-3717 is a vulnerability with a CVSS score of 6.9 (MEDIUM). rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call certain helper applications, which allows local users to gain privileges by creating files with certain names, possibly containin...
How severe is CVE-2007-3717?
CVE-2007-3717 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3717?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Sunos.