|
|
|
|
| |
Credit:
The information has been provided by iDefense Labs Security Advisories.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=610
|
| |
Vulnerable Systems:
* Solaris 10 with the SUNWsrspx package
The vulnerability exists since attacker supplied data is passed directly to the syslog() function as the format string. This allows an attacker to overwrite arbitrary memory with arbitrary data, and can result in the execution of arbitrary code with root privileges.
Analysis:
Exploitation results in the execution of arbitrary code with root privileges. In order to exploit this vulnerability, an attacker must have the ability to execute the set-uid root binary.
The SRS Proxy Core package is not installed by default, but it is a common application.
Workaround:
To prevent exploitation of this vulnerability, remove the set-uid bit from the srsexec binary as shown below.
# chmod -s /opt/SUNWsrspx/bin/srsexec
Vendor response:
Sun Microsystems has addressed this vulnerability by releasing patches. For more information, consult Sun Alert 103119 at the following URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103119-1
CVE Information:
CVE-2007-3880
Disclosure timeline:
07/18/2007 - Initial vendor notification
07/18/2007 - Initial vendor response
11/02/2007 - Public disclosure
|
|
|
|
|
