CVE-2010-1039
rpc.pcnfsd - Remote Format String
Public Exploits: 1
Exploited in Wild: -
Descriptions
Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-03-19 CVE Reserved
- 2010-05-20 CVE Published
- 2010-07-18 First Exploit
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-134: Use of Externally-Controlled Format String
CAPEC
References (27)
URL | Tag | Source |
---|---|---|
http://aix.software.ibm.com/aix/efixes/security/pcnfsd_advisory.asc | X_refsource_confirm | |
http://osvdb.org/64729 | Vdb Entry | |
http://secunia.com/advisories/39911 | Third Party Advisory | |
http://securitytracker.com/id?1024016 | Vdb Entry | |
http://www.checkpoint.com/defense/advisories/public/2010/cpai-13-May.html | X_refsource_misc | |
http://www.securityfocus.com/archive/1/511405/100/0/threaded | Mailing List | |
http://www.securitytracker.com/id?1023994 | Vdb Entry | |
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=5088 | X_refsource_confirm | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/58718 | Vdb Entry | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11986 | Signature | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12103 | Signature |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/14407 | 2010-07-18 |
URL | Date | SRC |
---|---|---|
http://www.securityfocus.com/bid/40248 | 2018-10-10 |
URL | Date | SRC |
---|---|---|
http://marc.info/?l=bugtraq&m=127428077629933&w=2 | 2018-10-10 | |
http://secunia.com/advisories/39835 | 2018-10-10 | |
http://www.ibm.com/support/docview.wss?uid=isg1IZ73590 | 2018-10-10 | |
http://www.ibm.com/support/docview.wss?uid=isg1IZ73599 | 2018-10-10 | |
http://www.ibm.com/support/docview.wss?uid=isg1IZ73681 | 2018-10-10 | |
http://www.ibm.com/support/docview.wss?uid=isg1IZ73757 | 2018-10-10 | |
http://www.ibm.com/support/docview.wss?uid=isg1IZ73874 | 2018-10-10 | |
http://www.ibm.com/support/docview.wss?uid=isg1IZ75369 | 2018-10-10 | |
http://www.ibm.com/support/docview.wss?uid=isg1IZ75440 | 2018-10-10 | |
http://www.ibm.com/support/docview.wss?uid=isg1IZ75465 | 2018-10-10 | |
http://www.vupen.com/english/advisories/2010/1199 | 2018-10-10 | |
http://www.vupen.com/english/advisories/2010/1211 | 2018-10-10 | |
http://www.vupen.com/english/advisories/2010/1212 | 2018-10-10 | |
http://www.vupen.com/english/advisories/2010/1213 | 2018-10-10 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | In vendor | In product | In version | Other | Status |
---|---|---|---|---|---|---|---|---|---|
HP | NFS/ONCplus | <= b.11.31_09 | - | Affected | HP | HP-UX | b.11.11 | - | Safe |
HP | NFS/ONCplus | <= b.11.31_09 | - | Affected | HP | HP-UX | b.11.23 | - | Safe |
HP | NFS/ONCplus | <= b.11.31_09 | - | Affected | HP | HP-UX | b.11.31 | - | Safe |
IBM | AIX | <= 5.3 | - | Affected | | | | | |
IBM | AIX | 1.2.1 | - | Affected | | | | | |
IBM | AIX | 1.3 | - | Affected | | | | | |
IBM | AIX | 2.2.1 | - | Affected | | | | | |
IBM | AIX | 3.1 | - | Affected | | | | | |
IBM | AIX | 3.2 | - | Affected | | | | | |
IBM | AIX | 3.2.0 | - | Affected | | | | | |
IBM | AIX | 3.2.4 | - | Affected | | | | | |
IBM | AIX | 3.2.5 | - | Affected | | | | | |
IBM | AIX | 4 | - | Affected | | | | | |
IBM | AIX | 4.0 | - | Affected | | | | | |
IBM | AIX | 4.1 | - | Affected | | | | | |
IBM | AIX | 4.1.1 | - | Affected | | | | | |
IBM | AIX | 4.1.2 | - | Affected | | | | | |
IBM | AIX | 4.1.3 | - | Affected | | | | | |
IBM | AIX | 4.1.4 | - | Affected | | | | | |
IBM | AIX | 4.1.5 | - | Affected | | | | | |
IBM | AIX | 4.2 | - | Affected | | | | | |
IBM | AIX | 4.2.0 | - | Affected | | | | | |
IBM | AIX | 4.2.1 | - | Affected | | | | | |
IBM | AIX | 4.2.1.12 | - | Affected | | | | | |
IBM | AIX | 4.3 | - | Affected | | | | | |
IBM | AIX | 4.3.0 | - | Affected | | | | | |
IBM | AIX | 4.3.1 | - | Affected | | | | | |
IBM | AIX | 4.3.2 | - | Affected | | | | | |
IBM | AIX | 4.3.3 | - | Affected | | | | | |
IBM | AIX | 5.1 | - | Affected | | | | | |
IBM | AIX | 5.1.0.10 | - | Affected | | | | | |
IBM | AIX | 5.1l | - | Affected | | | | | |
IBM | AIX | 5.2 | - | Affected | | | | | |
IBM | AIX | 5.2.0 | - | Affected | | | | | |
IBM | AIX | 5.2.0.50 | - | Affected | | | | | |
IBM | AIX | 5.2.0.54 | - | Affected | | | | | |
IBM | AIX | 5.2.2 | - | Affected | | | | | |
IBM | AIX | 5.2_l | - | Affected | | | | | |
IBM | AIX | 6.1 | - | Affected | | | | | |
IBM | AIX | 430 | - | Affected | | | | | |
IBM | VIOS | <= 1.5 | - | Affected | | | | | |
IBM | VIOS | 1.4 | - | Affected | | | | | |
IBM | VIOS | 2.1 | - | Affected | | | | | |
SGI | IRIX | 6.5 | - | Affected | | | | | |