[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

111666

 
 

909

 
 

87321

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2010-4435Date: (C)2011-01-19   (M)2018-04-14


Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1024975
EXPLOIT-DB-16137
http://www.securityfocus.com/archive/1/archive/1/516304/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/516284/100/0/threaded
SECUNIA-42984
SECUNIA-43258
BID-45853
BID-46261
OSVDB-70569
SREASON-8069
ADV-2011-0151
ADV-2011-0352
HPSBUX02628
IAVM:2011-B-0026
SSRT090183
http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
http://www.zerodayinitiative.com/advisories/ZDI-11-062/
solaris-cde-code-execution(64797)

CPE    3
cpe:/o:sun:sunos:5.8
cpe:/o:sun:sunos:5.9
cpe:/o:sun:sunos:5.10
OVAL    1
oval:org.secpod.oval:def:1100027

© SecPod Technologies