CVE-2010-4435

Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395
http://osvdb.org/70569
http://secunia.com/advisories/42984	Vendor Advisory
http://secunia.com/advisories/43258	Vendor Advisory
http://securityreason.com/securityalert/8069
http://www.exploit-db.com/exploits/16137	Exploit
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html	Vendor Advisory
http://www.securityfocus.com/archive/1/516284/100/0/threaded
http://www.securityfocus.com/archive/1/516304/100/0/threaded
http://www.securityfocus.com/bid/45853
http://www.securityfocus.com/bid/46261
http://www.securitytracker.com/id?1024975
http://www.vupen.com/english/advisories/2011/0151	Vendor Advisory
http://www.vupen.com/english/advisories/2011/0352	Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-11-062/
https://exchange.xforce.ibmcloud.com/vulnerabilities/64797
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12794
http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395
http://osvdb.org/70569
http://secunia.com/advisories/42984	Vendor Advisory
http://secunia.com/advisories/43258	Vendor Advisory
http://securityreason.com/securityalert/8069
http://www.exploit-db.com/exploits/16137	Exploit
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html	Vendor Advisory
http://www.securityfocus.com/archive/1/516284/100/0/threaded
http://www.securityfocus.com/archive/1/516304/100/0/threaded
http://www.securityfocus.com/bid/45853
http://www.securityfocus.com/bid/46261
http://www.securitytracker.com/id?1024975
http://www.vupen.com/english/advisories/2011/0151	Vendor Advisory
http://www.vupen.com/english/advisories/2011/0352	Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-11-062/
https://exchange.xforce.ibmcloud.com/vulnerabilities/64797
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12794

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:sun:sunos:5.8:::::::*
	cpe:2.3:o:sun:sunos:5.9:::::::*
	cpe:2.3:o:sun:sunos:5.10:::::::*

History

21 Nov 2024, 01:20

Information

Published : 2011-01-19 17:00

Updated : 2024-11-21 01:20

NVD link : CVE-2010-4435

Mitre link : CVE-2010-4435

CVE.ORG link : CVE-2010-4435

JSON object : View

Products Affected

sun

sunos

CWE

NVD-CWE-noinfo

10.0 /10