CVE-2007-2617 - Local Information Disclosure vulnerability in SUN NET Connect Software 3.2.3/3.2.4

CVSS 2.1 - LOW
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
Tags: local, low complexity, sun, nessus, exploit available, metasploit

Summary

srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.

Vulnerable Configurations

Part         Description  Count
OS           Sun          1
Application  Sun          2

Exploit-Db

description: Sun Microsystems Solaris SRSEXEC 3.2.x Arbitrary File Read Local Information Disclosure Vulnerability. CVE-2007-2617. Local exploit for solaris platform
id: EDB-ID:30021
last seen: 2016-02-03
modified: 2007-05-10
published: 2007-05-10
reporter: anonymous
source: https://www.exploit-db.com/download/30021/
title: Sun Microsystems Solaris SRSEXEC 3.2.x - Arbitrary File Read Local Information Disclosure Vulnerability

Metasploit

description: This module exploits a vulnerability in NetCommander 3.2.3 and 3.2.5. When srsexec is executed in debug (-d) verbose (-v) mode, the first line of an arbitrary file can be read due to the suid bit set. The most widely accepted exploitation vector is reading /etc/shadow, which will reveal root's hash for cracking.
id: MSF:POST/SOLARIS/ESCALATE/SRSEXEC_READLINE
last seen: 2020-06-14
modified: 2018-09-21
published: 2018-09-13
references:
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/post/solaris/escalate/srsexec_readline.rb
title: Solaris srsexec Arbitrary File Reader

Nessus

  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS9_123870.NASL
    description: NetConnect 3.2.4: srsproxy/srsexec patch for Solaris 8/9/10. Date this patch was last updated by Sun : Nov/01/07
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25283
    published: 2007-05-20
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/25283
    title: Solaris 9 (sparc) : 123870-05
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_123870.NASL
    description: NetConnect 3.2.4: srsproxy/srsexec patch for Solaris 8/9/10. Date this patch was last updated by Sun : Nov/01/07 This plugin has been deprecated and either replaced with individual 123870 patch-revision plugins, or deemed non-security related.
    last seen: 2019-02-21
    modified: 2018-07-30
    plugin id: 25273
    published: 2007-05-20
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=25273
    title: Solaris 10 (sparc) : 123870-05 (deprecated)
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS8_123870.NASL
    description: NetConnect 3.2.4: srsproxy/srsexec patch for Solaris 8/9/10. Date this patch was last updated by Sun : Nov/01/07
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25279
    published: 2007-05-20
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/25279
    title: Solaris 8 (sparc) : 123870-05

Oval

accepted: 2007-09-27T08:57:42.438-04:00
class: vulnerability
contributors:
  name: Pai Peng
  organization: Opsware, Inc.
definition_extensions:
  • comment: Solaris 8 (SPARC) is installed
    oval: oval:org.mitre.oval:def:1539
  • comment: Solaris 9 (SPARC) is installed
    oval: oval:org.mitre.oval:def:1457
  • comment: Solaris 10 (SPARC) is installed
    oval: oval:org.mitre.oval:def:1440
  • comment: Solaris 8 (x86) is installed
    oval: oval:org.mitre.oval:def:2059
  • comment: Solaris 9 (x86) is installed
    oval: oval:org.mitre.oval:def:1683
  • comment: Solaris 10 (x86) is installed
    oval: oval:org.mitre.oval:def:1926
description: srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.
family: unix
id: oval:org.mitre.oval:def:1920
status: accepted
submitted: 2007-08-10T12:25:19.000-04:00
title: Security Vulnerability in Sun Remote Services (SRS) Net Connect Software
version: 35