CVE-2007-2617
Published 2007-05-11
Priority: P4 · 19 · low
CVSS 2.0: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
EXPLOIT
EPSS: 3.80% (88.7th percentile)
srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sun | net_connect_software | — | — |
| sun | net_connect_software | — | — |
No detection rules found.
Exploit-DB
Sun Microsystems Solaris SRSEXEC 3.2.x - Arbitrary File Read Local Information Disclosure
exploitdb·2007-05-10
---
source: https://www.securityfocus.com/bid/23915/info
Sun Microsystems Solaris is prone to a local information-disclosure vulnerability due to a design error.
A local attacker may exploit this issue to access sensitive information, including superuser password information, that may lead to further attacks. A complete compromise is possible.
The following exploit example is available:
$ /opt/SUNWsrspx/bin/srsexec -dvb /etc/shadow OWNED
Metasploit
Solaris srsexec Arbitrary File Reader
metasploit
This module exploits a vulnerability in NetCommander 3.2.3 and 3.2.5. When srsexec is executed in debug (-d) verbose (-v) mode, the first line of an arbitrary file can be read due to the suid bit set. The most widely accepted exploitation vector is reading /etc/shadow, which will reveal root's hash for cracking.
No writeups or analysis indexed.
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=531
http://osvdb.org/35940
http://secunia.com/advisories/25194
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102891-1
http://www.securityfocus.com/bid/23915
http://www.securitytracker.com/id?1018046
http://www.vupen.com/english/advisories/2007/1769
https://exchange.xforce.ibmcloud.com/vulnerabilities/34223
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1920