CVE Vulnerability

CVE-2007-3880

Format string vulnerability in srsexec in Sun Remote Services (SRS) Net Connect 3.2.3 and 3.2.4, as distributed in the SRS Proxy Core (SUNWsrspx) package, allows local users to gain privileges via format string specifiers in unspecified input that is logged through syslog.

7.2 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=610
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103119-1 Patch
http://www.securityfocus.com/bid/26313 Patch
http://secunia.com/advisories/27512 Patch Vendor Advisory
http://www.securitytracker.com/id?1018893
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200581-1
http://osvdb.org/40836
http://www.vupen.com/english/advisories/2007/3711
Configurations

Configuration 1
Information

Published : 2007-11-14 01:46

Updated : 2018-10-30 04:25

NVD link : CVE-2007-3880

Mitre link : CVE-2007-3880

Products Affected
No products.
CWE
CWE-134

Use of Externally-Controlled Format String