CVE-2007-2617

Published: May 11, 2007Modified: Apr 23, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.

Affected (2)

Products: Sun: Net Connect Software

Sun

1 product

Net Connect Software

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sun Net Connect Software	Version 3.2.3
Sun Net Connect Software	Version 3.2.4

Running on/with	Platform Versions
Sun Solaris	Version 10.0

References (18)

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=531

Source: cve@mitre.org

http://osvdb.org/35940

Source: cve@mitre.org

http://secunia.com/advisories/25194

Source: cve@mitre.org

Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102891-1

Source: cve@mitre.org

Patch

http://www.securityfocus.com/bid/23915

Source: cve@mitre.org

Patch

http://www.securitytracker.com/id?1018046

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/1769

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/34223

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1920

Source: cve@mitre.org

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=531