ID CVE-2010-4435
Summary Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10.
References
Vulnerable Configurations
  • cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
    cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
  • cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*
    cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*
  • cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*
    cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 10-10-2018 - 20:08)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2015-04-20T04:00:32.783-04:00
class vulnerability
contributors
  • name Yamini Mohan R
    organization Hewlett-Packard
  • name Sushant Kumar Singh
    organization Hewlett-Packard
  • name Prashant Kumar
    organization Hewlett-Packard
  • name Mike Cokus
    organization The MITRE Corporation
description Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10.
family unix
id oval:org.mitre.oval:def:12794
status accepted
submitted 2011-07-28T14:52:04.000-05:00
title HP-UX Running CDE Calendar Manager, Remote Execution of Arbitrary Code
version 44
refmap via4
bid
  • 45853
  • 46261
bugtraq
  • 20110208 CVE-2010-4435 - Multiple Vendor Calendar Manager Remote Code Execution
  • 20110208 ZDI-11-062: Multiple Vendor Calendar Manager RPC Service Remote Code Execution Vulnerability
confirm http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
exploit-db 16137
hp
  • HPSBUX02628
  • SSRT090183
misc
osvdb 70569
sectrack 1024975
secunia
  • 42984
  • 43258
sreason 8069
vupen
  • ADV-2011-0151
  • ADV-2011-0352
xf solaris-cde-code-execution(64797)
Last major update 10-10-2018 - 20:08
Published 19-01-2011 - 17:00
Back to Top