7.2

CVE-2007-3880

Format string vulnerability in srsexec in Sun Remote Services (SRS) Net Connect 3.2.3 and 3.2.4, as distributed in the SRS Proxy Core (SUNWsrspx) package, allows local users to gain privileges via format string specifiers in unspecified input that is logged through syslog.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SunNet Connect Software Version3.2.3
   SunSunos Version5.8
   SunSunos Version5.9
   SunSunos Version5.10
SunNet Connect Software Version3.2.4
   SunSunos Version5.8
   SunSunos Version5.9
   SunSunos Version5.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.33% 0.249
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=610
http://osvdb.org/40836
http://secunia.com/advisories/27512
Patch
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103119-1
Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200581-1
http://www.securityfocus.com/bid/26313
Patch
http://www.securitytracker.com/id?1018893
http://www.vupen.com/english/advisories/2007/3711