Title: Sun Remote Services (SRS) Proxy Core Package srsexec Local Format String
Info
Dates
Disclosure: Nov 02, 2007
Discovery: Unknown
Exploit: Unknown
Solution: Nov 02, 2007
Description
Classification
Location: Remote / Network Access, Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Private
Disclosure: Vendor Verified
Solution
Sun Microsystems has released a patch to address this vulnerability. As a temporary workaround, remove the set-uid bit from the srsexec binary to prevent exploitation of this vulnerability:
# chmod -s /opt/SUNWsrspx/bin/srsexec