CVE-2010-4435
Multiple Vendor Calendar Manager RPC Service Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10.
Una vulnerabilidad no especificada en Solaris de Oracle versiones 8, 9 y 10, permite a los atacantes remotos afectar la confidencialidad, integridad y disponibilidad, relacionadas con CDE Calendar Manager Service Daemon and RPC. NOTA: la información anterior fue obtenida de la CPU de enero de 2011. Oracle no ha comentado sobre las afirmaciones de otros proveedores de software que esto afecta a otros sistemas operativos, como HP-UX, o las afirmaciones de un tercero confiable de que se trata de un desbordamiento de búfer en el archivo rpc.cmsd por medio de cadenas ASCII largas codificadas en XDR en la llamada RPC 10.
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Calendar Manager RPC Service. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the CMSD server (rpc.cmsd) which listens by default on UDP port 32768. The process does not properly handle large XDR-encoded ASCII strings to RPC call 10 followed by RPC call 6. This can be abused by an attacker to overflow a buffer on the remote host. Successful exploitation can result in arbitrary code execution.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-12-06 CVE Reserved
- 2011-01-19 CVE Published
- 2011-02-09 First Exploit
- 2024-05-04 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (19)
| URL | Tag | Source |
|---|---|---|
| http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc | X_refsource_misc | |
| http://osvdb.org/70569 | Vdb Entry | |
| http://securityreason.com/securityalert/8069 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/516284/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/516304/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/45853 | Vdb Entry | |
| http://www.securityfocus.com/bid/46261 | Vdb Entry | |
| http://www.securitytracker.com/id?1024975 | Vdb Entry | |
| http://www.zerodayinitiative.com/advisories/ZDI-11-062 | X_refsource_misc |
|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64797 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12794 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/16137 | 2011-02-09 | |
| http://www.exploit-db.com/exploits/16137 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395 | 2018-10-10 | |
| http://secunia.com/advisories/42984 | 2018-10-10 | |
| http://secunia.com/advisories/43258 | 2018-10-10 | |
| http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html | 2018-10-10 | |
| http://www.vupen.com/english/advisories/2011/0151 | 2018-10-10 | |
| http://www.vupen.com/english/advisories/2011/0352 | 2018-10-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sun Search vendor "Sun" | Sunos Search vendor "Sun" for product "Sunos" | 5.8 Search vendor "Sun" for product "Sunos" and version "5.8" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sunos Search vendor "Sun" for product "Sunos" | 5.9 Search vendor "Sun" for product "Sunos" and version "5.9" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sunos Search vendor "Sun" for product "Sunos" | 5.10 Search vendor "Sun" for product "Sunos" and version "5.10" | - |
Affected
| ||||||