Attacker Value
High
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2007-2617

Disclosure Date: May 11, 2007
Add any MITRE ATT&CK Tactics to the list below that apply to this CVE.

Description

srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.

Add Assessment

1
Ratings
  • Attacker Value
    High
  • Exploitability
    Very High
Technical Analysis

This is similar to CVE-2009-2936, but on a local binary instead of a network port. The binary, which is obscure and not easy to find, when given an arbitrary file as input with debug and verbose mode set, will attempt to load it. The arbitrary file will fail to load because it isn’t a correct file, and the first line will be echoed back to the screen, split at 20 characters in length. The binary also runs with the suid bit set, so most likely you’ll want /etc/shadow to get root’s hash.

General Information

Technical Analysis