CVE-2007-2617

srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.

Published: May 11, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-2617
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
sun / net_connect_software	3.2.3	3.2.3.x
sun / net_connect_software	3.2.4	3.2.4.x

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=531
http://osvdb.org/35940
http://secunia.com/advisories/25194
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102891-1
http://www.securityfocus.com/bid/23915
http://www.securitytracker.com/id?1018046
http://www.vupen.com/english/advisories/2007/1769
https://exchange.xforce.ibmcloud.com/vulnerabilities/34223
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1920

Vulnerability Database

CVE-2007-2617