Vulnerability Name: | CVE-2003-0027 (CCN-11129) | ||||||||
Assigned: | 2003-01-22 | ||||||||
Published: | 2003-01-22 | ||||||||
Updated: | 2018-10-30 | ||||||||
Summary: | Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure. | ||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Obtain Information | ||||||||
References: | Source: MITRE Type: CNA CVE-2003-0027 Source: BUGTRAQ Type: UNKNOWN 20030122 Entercept Ricochet Advisory: Sun Solaris KCMS Library Service Daemon Arbitrary File Retrieval Vulner Source: CCN Type: Sun Alert ID: 50104 Security Issue with kcms_server Daemon Source: SUNALERT Type: UNKNOWN 50104 Source: CCN Type: CIAC Information Bulletin O-069 Sun kcms_server Daemon Vulnerability Source: CCN Type: Entercept Security Alert 01/22/2003 KCMS Library Service Daemon Arbitrary File Retrieval Vulnerability Source: MISC Type: Patch, Vendor Advisory http://www.entercept.com/news/uspr/01-22-03.asp Source: CCN Type: US-CERT VU#850785 Sun KCMS library service daemon does not adequately validate location of KCMS profiles Source: CERT-VN Type: Patch, Third Party Advisory, US Government Resource VU#850785 Source: CCN Type: OSVDB ID: 8201 Sun Kodak Color Management System (KCMS) kcms_server Arbitrary File Access Source: BID Type: UNKNOWN 6665 Source: CCN Type: BID-6665 Kodak KCMS KCS_OPEN_PROFILE Procedure Arbitrary File Access Vulnerability Source: XF Type: UNKNOWN solaris-kcms-directory-traversal(11129) Source: XF Type: UNKNOWN solaris-kcms-directory-traversal(11129) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:120 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:195 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:2592 Source: CCN Type: Rapid7 Vulnerability & Exploit Database Solaris KCMS + TTDB Arbitrary File Read | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
Oval Definitions | |||||||||
| |||||||||
BACK |