Sun Remote Services Net Connect Software Local Format String Vulnerability
BID:26313
Info
Sun Remote Services Net Connect Software Local Format String Vulnerability
| Bugtraq ID: | 26313 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-3880 |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 03 2007 12:00AM |
| Updated: | Nov 20 2007 09:24PM |
| Credit: | Sean Larsson of iDefense Labs is credited with the discovery of this issue. |
| Vulnerable: |
Sun Sun Remote Services (SRS) Net Connect Software 3.2.4 Sun Sun Remote Services (SRS) Net Connect Software 3.2.3 |
| Not Vulnerable: | |
Discussion
Sun Remote Services Net Connect Software Local Format String Vulnerability
Sun Remote Services (SRS) Net Connect Software is prone to a local format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.
An attacker can exploit this issue to execute arbitrary machine code with superuser privileges. A successful attack will completely compromise the computer. Failed attempts may cause denial-of-service conditions.
Sun Remote Services (SRS) Net Connect Software is prone to a local format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.
An attacker can exploit this issue to execute arbitrary machine code with superuser privileges. A successful attack will completely compromise the computer. Failed attempts may cause denial-of-service conditions.
Exploit / POC
Sun Remote Services Net Connect Software Local Format String Vulnerability
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Sun Remote Services Net Connect Software Local Format String Vulnerability
Solution:
The vendor released an advisory and patches to address this issue. Please see the references for more information.
Sun Sun Remote Services (SRS) Net Connect Software 3.2.3
Solution:
The vendor released an advisory and patches to address this issue. Please see the references for more information.
Sun Sun Remote Services (SRS) Net Connect Software 3.2.3
References
Sun Remote Services Net Connect Software Local Format String Vulnerability
References:
References:
- Sun Homepage (Sun Microsystems )
- Sun Microsystems Solaris srsexec Format String Vulnerability (iDefense)
- Sun Net Connect Services Homepage (Sun)
- iDefense Security Advisory 11.02.07: Sun Microsystems Solaris srsexec Format Str (iDefense)
- Security Vulnerability in the Sun Remote Services (SRS) Net Connect Software (Sun)