CVE-2007-3880

Severity Score

7.2

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Format string vulnerability in srsexec in Sun Remote Services (SRS) Net Connect 3.2.3 and 3.2.4, as distributed in the SRS Proxy Core (SUNWsrspx) package, allows local users to gain privileges via format string specifiers in unspecified input that is logged through syslog.

Vulnerabilidad de formato de cadena en Sun Remote Services (SRS) Net Connect 3.2.3 y 3.2.4, como distribución en el paquete SRS Proxy Core (SUNWsrspx),permite a usuarios locales ganar privilegios a través de especificaciones de formato de cadena en entradas no especificadas que se validan a través del syslog.

*Credits: N/A

CVSS Scores

NISTv2 7.2

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-07-18 CVE Reserved
2007-11-06 CVE Published
2023-03-08 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-134: Use of Externally-Controlled Format String

CAPEC

References (8)

URL	Tag	Source
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=610	Third Party Advisory
http://osvdb.org/40836	Vdb Entry
http://www.securitytracker.com/id?1018893	Vdb Entry
http://www.vupen.com/english/advisories/2007/3711	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/27512	2018-10-30
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103119-1	2018-10-30
http://www.securityfocus.com/bid/26313	2018-10-30

URL	Date	SRC
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200581-1	2018-10-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sun Search vendor "Sun"	Net Connect Software Search vendor "Sun" for product "Net Connect Software"	3.2.3 Search vendor "Sun" for product "Net Connect Software" and version "3.2.3"	-	Affected	in	Sun Search vendor "Sun"	Sunos Search vendor "Sun" for product "Sunos"	5.8 Search vendor "Sun" for product "Sunos" and version "5.8"	-	Safe
Sun Search vendor "Sun"	Net Connect Software Search vendor "Sun" for product "Net Connect Software"	3.2.3 Search vendor "Sun" for product "Net Connect Software" and version "3.2.3"	-	Affected	in	Sun Search vendor "Sun"	Sunos Search vendor "Sun" for product "Sunos"	5.9 Search vendor "Sun" for product "Sunos" and version "5.9"	-	Safe
Sun Search vendor "Sun"	Net Connect Software Search vendor "Sun" for product "Net Connect Software"	3.2.3 Search vendor "Sun" for product "Net Connect Software" and version "3.2.3"	-	Affected	in	Sun Search vendor "Sun"	Sunos Search vendor "Sun" for product "Sunos"	5.10 Search vendor "Sun" for product "Sunos" and version "5.10"	-	Safe
Sun Search vendor "Sun"	Net Connect Software Search vendor "Sun" for product "Net Connect Software"	3.2.4 Search vendor "Sun" for product "Net Connect Software" and version "3.2.4"	-	Affected	in	Sun Search vendor "Sun"	Sunos Search vendor "Sun" for product "Sunos"	5.8 Search vendor "Sun" for product "Sunos" and version "5.8"	-	Safe
Sun Search vendor "Sun"	Net Connect Software Search vendor "Sun" for product "Net Connect Software"	3.2.4 Search vendor "Sun" for product "Net Connect Software" and version "3.2.4"	-	Affected	in	Sun Search vendor "Sun"	Sunos Search vendor "Sun" for product "Sunos"	5.9 Search vendor "Sun" for product "Sunos" and version "5.9"	-	Safe
Sun Search vendor "Sun"	Net Connect Software Search vendor "Sun" for product "Net Connect Software"	3.2.4 Search vendor "Sun" for product "Net Connect Software" and version "3.2.4"	-	Affected	in	Sun Search vendor "Sun"	Sunos Search vendor "Sun" for product "Sunos"	5.10 Search vendor "Sun" for product "Sunos" and version "5.10"	-	Safe