Executive Summary
Summary | |
---|---|
Title | Sun Alert 103119 Security Vulnerability in the Sun Remote Services (SRS) Net Connect Software |
Informations | |||
---|---|---|---|
Name | SUN-103119 | First vendor Publication | 2007-11-02 |
Vendor | Sun | Last vendor Modification | 2007-11-02 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Product: Sun Net Connect 3.2 Services A format string security vulnerability in the Sun Remote Services (SRS) Net Connect Software may allow an unprivileged local user to execute arbitrary code with root privileges. Sun acknowledges with thanks, Sean Larsson of iDefense Labs (http://www.idefense.com) for bringing this issue to our attention. This issue is also described in the following document: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=610 Avoidance: Patch State: Resolved First released: 02-Nov-2007 |
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_103119_security_vulnerability |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-134 | Uncontrolled Format String (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
40836 | Sun Remote Services (SRS) Proxy Core Package srsexec Local Format String |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-05-20 | Name : The remote host is missing Sun Security Patch number 125713-02 File : solaris10_125713.nasl - Type : ACT_GATHER_INFO |
2007-05-20 | Name : The remote host is missing Sun Security Patch number 125713-02 File : solaris8_125713.nasl - Type : ACT_GATHER_INFO |
2007-05-20 | Name : The remote host is missing Sun Security Patch number 125713-02 File : solaris9_125713.nasl - Type : ACT_GATHER_INFO |