CVE-2007-2617

medium

Description

srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1920

https://exchange.xforce.ibmcloud.com/vulnerabilities/34223

http://www.vupen.com/english/advisories/2007/1769

http://www.securitytracker.com/id?1018046

http://www.securityfocus.com/bid/23915

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102891-1

http://secunia.com/advisories/25194

http://osvdb.org/35940

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=531

Details

Source: Mitre, NVD

Published: 2007-05-11

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.09033

Detections

Analytics