Sun Solaris Low Bandwidth X Proxy Information Disclosure Vulnerability

Bugtraq ID:	25070
Class:	Access Validation Error
CVE:	CVE-2007-4070
Remote:	No
Local:	Yes
Published:	Jul 25 2007 12:00AM
Updated:	May 07 2015 05:36PM
Credit:	Charles Morris is credited with discovering this issue.
Vulnerable:	Sun Solaris 9_x86 Sun Solaris 9_sparc Sun Solaris 8_x86 Sun Solaris 8_sparc Sun Solaris 10_x86 Sun Solaris 10_sparc Avaya Interactive Response 1.3 Avaya Interactive Response 3.0 Avaya Interactive Response 2.0 Avaya CMS Server 13.0 Avaya CMS Server 12.0 Avaya CMS Server 14.0 Avaya CMS Server 13.1
Not Vulnerable:

Sun Solaris Low Bandwidth X Proxy Information Disclosure Vulnerability

Sun Solaris Low Bandwidth X Proxy ('lbxproxy') is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain unauthorized read access to sensitive files. Information harvested may aid in further attacks.

Sun Solaris 8, 9, and 10 are reported vulnerable.

Sun Solaris Low Bandwidth X Proxy Information Disclosure Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Sun Solaris Low Bandwidth X Proxy Information Disclosure Vulnerability

Solution:
Sun has released patches to address this issue. Please see the references for more information.


Sun Solaris 8_x86

• Sun 119068-08
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -119068-08-1

Sun Solaris 8_sparc

• Sun 119067-08
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -119067-08-1

Sun Solaris 9_x86

• Sun 112786-51
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -112786-51-1

Sun Solaris Low Bandwidth X Proxy Information Disclosure Vulnerability

References:

• ASA-2007-339 - A Security Vulnerability in lbxproxy(1) may Allow Unauthorized Re (Avaya)
  
• Sun Alert ID: 102948 (Sun)