Vulnerabilities > CVE-2003-0027 - Unspecified vulnerability in SUN Solaris and Sunos
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 10 |
Metasploit
| description | This module targets a directory traversal vulnerability in the kcms_server component from the Kodak Color Management System. By utilizing the ToolTalk Database Server\'s TT_ISBUILD procedure, an attacker can bypass existing directory traversal validation and read arbitrary files. Vulnerable systems include Solaris 2.5 - 9 SPARC and x86. Both kcms_server and rpc.ttdbserverd must be running on the target host. |
| id | MSF:AUXILIARY/ADMIN/SUNRPC/SOLARIS_KCMS_READFILE |
| last seen | 2020-05-23 |
| modified | 2019-10-05 |
| published | 2010-06-24 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/admin/sunrpc/solaris_kcms_readfile.rb |
| title | Solaris KCMS + TTDB Arbitrary File Read |
Oval
accepted 2007-04-25T19:52:14.919-04:00 class vulnerability contributors name David Proulx organization The MITRE Corporation name Todd Dolinsky organization Opsware, Inc. name Dragos Prisaca organization Secure Elements, Inc. name Jonathan Baker organization The MITRE Corporation
description Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure. family unix id oval:org.mitre.oval:def:120 status deprecated submitted 2003-01-30T12:00:00.000-04:00 title Solaris 7 KCMS Arbitrary File Access Vulnerability version 36 accepted 2007-04-25T19:52:21.718-04:00 class vulnerability contributors name David Proulx organization The MITRE Corporation name Todd Dolinsky organization Opsware, Inc. name Dragos Prisaca organization Secure Elements, Inc. name Jonathan Baker organization The MITRE Corporation
description Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure. family unix id oval:org.mitre.oval:def:195 status deprecated submitted 2003-01-24T12:00:00.000-04:00 title Solaris 8 KCMS Arbitrary File Access Vulnerability version 36 accepted 2010-09-20T04:00:20.237-04:00 class vulnerability contributors name Brian Soby organization The MITRE Corporation name Todd Dolinsky organization Opsware, Inc. name Dragos Prisaca organization Secure Elements, Inc. name Jonathan Baker organization The MITRE Corporation
description Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure. family unix id oval:org.mitre.oval:def:2592 status accepted submitted 2005-01-19T12:00:00.000-04:00 title KCMS KCS_OPEN_PROFILE File Disclosure Vulnerability version 39
References
- http://marc.info/?l=bugtraq&m=104326556329850&w=2
- http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/50104
- http://www.entercept.com/news/uspr/01-22-03.asp
- http://www.kb.cert.org/vuls/id/850785
- http://www.securityfocus.com/bid/6665
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11129
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A120
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A195
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2592