CVE-2007-3717

high

Description

rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call certain helper applications, which allows local users to gain privileges by creating files with certain names, possibly containing shell metacharacters or spaces, a similar issue to CVE-2006-0225.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1772

https://exchange.xforce.ibmcloud.com/vulnerabilities/35334

http://www.vupen.com/english/advisories/2007/2494

http://support.avaya.com/elmodocs2/security/ASA-2007-319.htm

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102978-1

http://secunia.com/advisories/26210

http://secunia.com/advisories/26024

http://osvdb.org/36611

Details

Source: Mitre, NVD

Published: 2007-07-12

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High