CVE-2007-3880

high

Description

Format string vulnerability in srsexec in Sun Remote Services (SRS) Net Connect 3.2.3 and 3.2.4, as distributed in the SRS Proxy Core (SUNWsrspx) package, allows local users to gain privileges via format string specifiers in unspecified input that is logged through syslog.

References

http://www.vupen.com/english/advisories/2007/3711

http://www.securitytracker.com/id?1018893

http://www.securityfocus.com/bid/26313

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200581-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103119-1

http://secunia.com/advisories/27512

http://osvdb.org/40836

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=610

Details

Source: Mitre, NVD

Published: 2007-11-14

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00053