7.2

CVE-2007-3880

EPSS 0.05%
Veröffentlicht 14.11.2007 01:46:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Format string vulnerability in srsexec in Sun Remote Services (SRS) Net Connect 3.2.3 and 3.2.4, as distributed in the SRS Proxy Core (SUNWsrspx) package, allows local users to gain privileges via format string specifiers in unspecified input that is logged through syslog.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sun ≫ Net Connect Software Version3.2.3

   Sun ≫ Sunos Version5.8
   Sun ≫ Sunos Version5.9
   Sun ≫ Sunos Version5.10

Sun ≫ Net Connect Software Version3.2.4

   Sun ≫ Sunos Version5.8
   Sun ≫ Sunos Version5.9
   Sun ≫ Sunos Version5.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.132

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=610

http://osvdb.org/40836

http://secunia.com/advisories/27512

Patch

Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103119-1

Patch

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200581-1

http://www.securityfocus.com/bid/26313

Patch

http://www.securitytracker.com/id?1018893

http://www.vupen.com/english/advisories/2007/3711

https://nvd.nist.gov/vuln/detail/CVE-2007-3880

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-3880

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-3880

EUVD