| ID |
CVE-2010-4435
|
| Summary |
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
-
cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*
cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*
-
cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*
cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 10.0 (as of 10-10-2018 - 20:08) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-noinfo |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| oval
via4
|
| accepted | 2015-04-20T04:00:32.783-04:00 | | class | vulnerability | | contributors | | name | Yamini Mohan R | | organization | Hewlett-Packard |
| name | Sushant Kumar Singh | | organization | Hewlett-Packard |
| name | Prashant Kumar | | organization | Hewlett-Packard |
| name | Mike Cokus | | organization | The MITRE Corporation |
| | description | Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10. | | family | unix | | id | oval:org.mitre.oval:def:12794 | | status | accepted | | submitted | 2011-07-28T14:52:04.000-05:00 | | title | HP-UX Running CDE Calendar Manager, Remote Execution of Arbitrary Code | | version | 48 |
|
| refmap
via4
|
| bid | | | bugtraq | - 20110208 CVE-2010-4435 - Multiple Vendor Calendar Manager Remote Code Execution
- 20110208 ZDI-11-062: Multiple Vendor Calendar Manager RPC Service Remote Code Execution Vulnerability
| | confirm | http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html | | exploit-db | 16137 | | hp | | | misc | | | osvdb | 70569 | | sectrack | 1024975 | | secunia | | | sreason | 8069 | | vupen | - ADV-2011-0151
- ADV-2011-0352
| | xf | solaris-cde-code-execution(64797) |
|
| Last major update |
10-10-2018 - 20:08 |
| Published |
19-01-2011 - 17:00 |
| Last modified |
10-10-2018 - 20:08 |
