Sun Kodak Color Management System contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the KCS_OPEN_PROFILE not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the KCMS profile. This directory traversal attack would allow the attacker to access arbitrary files.

Currently, there are no known workarounds or upgrades to correct this issue. However, Sun has released a patch to address this vulnerability.

• ISS X-Force ID: 11129
• OVAL ID: 120 195 2592
• CVE ID: 2003-0027 (see also: NVD)
• Bugtraq ID: 6665
• Metasploit ID: 8201
• CERT VU: 850785
• Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=104326556329850&w=2
• Vendor Specific Solution URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/50104 [ Link is 404 ]
• Other Advisory URL: http://www.entercept.com/news/uspr/01-22-03.asp

Unknown or Incomplete