
CVE-2010-1039
Date: (C)2010-05-20   (M)2023-12-22


Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1023994
SECTRACK-1024016
http://www.securityfocus.com/archive/1/511405/100/0/threaded
SECUNIA-39835
SECUNIA-39911
BID-40248
OSVDB-64729
ADV-2010-1199
ADV-2010-1211
ADV-2010-1212
ADV-2010-1213
HPSBUX02523
IZ73590
IZ73599
IZ73681
IZ73757
IZ73874
IZ75369
IZ75440
IZ75465
hpux-nfsoncplus-privilege-escalation(58718)
http://aix.software.ibm.com/aix/efixes/security/pcnfsd_advisory.asc
http://www.checkpoint.com/defense/advisories/public/2010/cpai-13-May.html
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=5088
oval:org.mitre.oval:def:11986
oval:org.mitre.oval:def:12103

CPE    43
cpe:/o:ibm:aix:4
cpe:/o:hp:hp-ux:b.11.11
cpe:/o:hp:hp-ux:b.11.31
cpe:/o:ibm:aix:2.2.1
...
CWE    1
CWE-134
OVAL    1
oval:org.secpod.oval:def:1100043

© SecPod Technologies