Vulnerabilities > CVE-2007-2617 - Local Information Disclosure vulnerability in SUN NET Connect Software 3.2.3/3.2.4
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 | |
Application | 2 |
Exploit-Db
description | Sun Microsystems Solaris SRSEXEC 3.2.x Arbitrary File Read Local Information Disclosure Vulnerability. CVE-2007-2617. Local exploit for solaris platform |
id | EDB-ID:30021 |
last seen | 2016-02-03 |
modified | 2007-05-10 |
published | 2007-05-10 |
reporter | anonymous |
source | https://www.exploit-db.com/download/30021/ |
title | Sun Microsystems Solaris SRSEXEC 3.2.x - Arbitrary File Read Local Information Disclosure Vulnerability |
Metasploit
description | This module exploits a vulnerability in NetCommander 3.2.3 and 3.2.5. When srsexec is executed in debug (-d) verbose (-v) mode, the first line of an arbitrary file can be read due to the suid bit set. The most widely accepted exploitation vector is reading /etc/shadow, which will reveal root's hash for cracking. |
id | MSF:POST/SOLARIS/ESCALATE/SRSEXEC_READLINE |
last seen | 2020-06-14 |
modified | 2018-09-21 |
published | 2018-09-13 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/post/solaris/escalate/srsexec_readline.rb |
title | Solaris srsexec Arbitrary File Reader |
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS9_123870.NASL description NetConnect 3.2.4: srsproxy/srsexec patch for Solaris 8/9/10. Date this patch was last updated by Sun : Nov/01/07 last seen 2020-06-01 modified 2020-06-02 plugin id 25283 published 2007-05-20 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25283 title Solaris 9 (sparc) : 123870-05 NASL family Solaris Local Security Checks NASL id SOLARIS10_123870.NASL description NetConnect 3.2.4: srsproxy/srsexec patch for Solaris 8/9/10. Date this patch was last updated by Sun : Nov/01/07 This plugin has been deprecated and either replaced with individual 123870 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 25273 published 2007-05-20 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=25273 title Solaris 10 (sparc) : 123870-05 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS8_123870.NASL description NetConnect 3.2.4: srsproxy/srsexec patch for Solaris 8/9/10. Date this patch was last updated by Sun : Nov/01/07 last seen 2020-06-01 modified 2020-06-02 plugin id 25279 published 2007-05-20 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25279 title Solaris 8 (sparc) : 123870-05
Oval
accepted | 2007-09-27T08:57:42.438-04:00 | ||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||
description | srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options. | ||||||||||||||||||||||||
family | unix | ||||||||||||||||||||||||
id | oval:org.mitre.oval:def:1920 | ||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||
submitted | 2007-08-10T12:25:19.000-04:00 | ||||||||||||||||||||||||
title | Security Vulnerability in Sun Remote Services (SRS) Net Connect Software | ||||||||||||||||||||||||
version | 35 |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=531
- http://osvdb.org/35940
- http://secunia.com/advisories/25194
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102891-1
- http://www.securityfocus.com/bid/23915
- http://www.securitytracker.com/id?1018046
- http://www.vupen.com/english/advisories/2007/1769
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34223
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1920