CVE-2007-3880

Format string vulnerability in srsexec in Sun Remote Services (SRS) Net Connect 3.2.3 and 3.2.4, as distributed in the SRS Proxy Core (SUNWsrspx) package, allows local users to gain privileges via format string specifiers in unspecified input that is logged through syslog.

Published: Nov 14, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-3880
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-134

Affected Software
References

Software	From	Fixed in
sun / net_connect_software	3.2.3	3.2.3.x
sun / net_connect_software	3.2.4	3.2.4.x

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=610
http://osvdb.org/40836
http://secunia.com/advisories/27512
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103119-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200581-1
http://www.securityfocus.com/bid/26313
http://www.securitytracker.com/id?1018893
http://www.vupen.com/english/advisories/2007/3711

Vulnerability Database

CVE-2007-3880