--%> SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)
[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2010-4435

Date: (C)2011-01-19   (M)2017-09-22
 
CVSS Score: 10.0Access Vector: NETWORK
Exploitability Subscore: 10.0Access Complexity: LOW
Impact Subscore: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE











Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10.

Reference:
SECTRACK-1024975
EXPLOIT-DB-16137
http://www.securityfocus.com/archive/1/archive/1/516304/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/516284/100/0/threaded
SECUNIA-42984
SECUNIA-43258
BID-45853
BID-46261
OSVDB-70569
SREASON-8069
ADV-2011-0151
ADV-2011-0352
HPSBUX02628
IAVM:2011-B-0026
SSRT090183
http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
http://www.zerodayinitiative.com/advisories/ZDI-11-062/
solaris-cde-code-execution(64797)

CPE    3
cpe:/o:sun:sunos:5.10
cpe:/o:sun:sunos:5.8
cpe:/o:sun:sunos:5.9
OVAL    1
oval:org.secpod.oval:def:1100027

© 2013 SecPod Technologies