Kodak Color Management System Utilities Local Arbitrary Command Execution Vulnerability

Bugtraq ID:	22175
Class:	Design Error
CVE:	CVE-2007-0503
Remote:	No
Local:	Yes
Published:	Jan 22 2007 12:00AM
Updated:	May 12 2015 07:35PM
Credit:	Cees-Bart Breunesse of the University of Nijmegen is credited with the discovery of this issue.
Vulnerable:	Sun Solaris 9_x86 Sun Solaris 9_sparc Sun Solaris 8_x86 Sun Solaris 8_sparc Avaya Interactive Response 2.0
Not Vulnerable:

Kodak Color Management System Utilities Local Arbitrary Command Execution Vulnerability

Kodak Color Management System is prone to a local command-execution vulnerability.

A local attacker can exploit this issue to execute arbitrary commands with superuser privileges.

This vulnerability is confirmed to affect the Kodak Color Managment System distributed with Sun Solaris 8 and 9. Other platforms may also be affected.

Kodak Color Management System Utilities Local Arbitrary Command Execution Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Kodak Color Management System Utilities Local Arbitrary Command Execution Vulnerability

Solution:
Please see the referenced advisories for more information.


Sun Solaris 9_x86

• Sun 114637-04 (sun)
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -114637-04-1

Sun Solaris 8_x86

• Sun 111401-04 (sun)
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -111401-04-1

Sun Solaris 8_sparc

• Sun 111400-04 (sun)
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -111400-04-1

Kodak Color Management System Utilities Local Arbitrary Command Execution Vulnerability

References:

• Solaris Homepage (Sun Microsystems)
  
• ASA-2007-040 - Security Vulnerability in the kcms_calibrate(1) Command (Sun 1027 (Avaya)
  
• Security Vulnerability in the kcms_calibrate(1) Command (Sun Microsystems)