ID CVE-2002-0033
Summary Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.
References
Vulnerable Configurations
  • cpe:2.3:o:sun:solaris:2.5.1:*:sparc:*:*:*:*:*
    cpe:2.3:o:sun:solaris:2.5.1:*:sparc:*:*:*:*:*
  • cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*
    cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*
  • cpe:2.3:o:sun:solaris:2.6:*:sparc:*:*:*:*:*
    cpe:2.3:o:sun:solaris:2.6:*:sparc:*:*:*:*:*
  • cpe:2.3:o:sun:solaris:7.0:*:sparc:*:*:*:*:*
    cpe:2.3:o:sun:solaris:7.0:*:sparc:*:*:*:*:*
  • cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*
    cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*
  • cpe:2.3:o:sun:solaris:8.0:*:sparc:*:*:*:*:*
    cpe:2.3:o:sun:solaris:8.0:*:sparc:*:*:*:*:*
  • cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*
    cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*
  • cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*
    cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2010-09-20T04:00:10.335-04:00
    class vulnerability
    contributors
    • name David Proulx
      organization The MITRE Corporation
    • name Brian Soby
      organization The MITRE Corporation
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    description Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.
    family unix
    id oval:org.mitre.oval:def:124
    status accepted
    submitted 2002-10-17T12:00:00.000-04:00
    title Solaris 7 cachefsd Heap Overflow Vulnerability
    version 33
  • accepted 2010-09-20T04:00:21.410-04:00
    class vulnerability
    contributors
    • name David Proulx
      organization The MITRE Corporation
    • name Brian Soby
      organization The MITRE Corporation
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    description Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.
    family unix
    id oval:org.mitre.oval:def:31
    status accepted
    submitted 2003-01-31T12:00:00.000-04:00
    title Solaris 8/9 cachefsd Heap Overflow Vulnerability
    version 34
refmap via4
bid 4674
bugtraq 20020505 [LSD] Solaris cachefsd remote buffer overflow vulnerability
cert CA-2002-11
cert-vn VU#635811
confirm http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44309
xf solaris-cachefsd-name-bo(8999)
saint via4
bid 4674
description cachefsd heap overflow
id rpc_cachefsd
osvdb 779
title solaris_cachefsd
type remote
Last major update 30-10-2018 - 16:25
Published 29-05-2002 - 04:00
Back to Top