7.2

CVE-2007-3880

EPSS 0.05%
Published 14.11.2007 01:46:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Format string vulnerability in srsexec in Sun Remote Services (SRS) Net Connect 3.2.3 and 3.2.4, as distributed in the SRS Proxy Core (SUNWsrspx) package, allows local users to gain privileges via format string specifiers in unspecified input that is logged through syslog.

Affected products Warnungen 0 Metrics 2 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Sun ≫ Net Connect Software Version3.2.3

   Sun ≫ Sunos Version5.8
   Sun ≫ Sunos Version5.9
   Sun ≫ Sunos Version5.10

Sun ≫ Net Connect Software Version3.2.4

   Sun ≫ Sunos Version5.8
   Sun ≫ Sunos Version5.9
   Sun ≫ Sunos Version5.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.132

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=610

http://osvdb.org/40836

http://secunia.com/advisories/27512

Patch

Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103119-1

Patch

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200581-1

http://www.securityfocus.com/bid/26313

Patch

http://www.securitytracker.com/id?1018893

http://www.vupen.com/english/advisories/2007/3711

https://nvd.nist.gov/vuln/detail/CVE-2007-3880

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-3880

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-3880

EUVD