Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-1039

CWE-134 — Uncontrolled Format String6 documents4 sources

Severity

10.0CRITICAL

EPSS

22.3%

top 4.19%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

HP Nfs\/oncplus IBM AIX IBM Vios +1 more

Timeline

PublishedMay 20

Latest updateMay 2

Description

Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

▶NVDibm/vios1.5+2

▶NVDhp/nfs\/oncplusb.11.31_09

▶NVDsgi/irix6.5

▶NVDibm/aix5.3+36

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-599v-778r-52j4: Format string vulnerability in the _msgout function in rpc↗2022-05-02

▶

CVEList

CVE-2010-1039: Format string vulnerability in the _msgout function in rpc↗2010-05-20

▶

💥Exploits & PoCs

Exploit-DB

Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory↗2017-03-27

▶

Exploit-DB

Apple Mail.app - Image Attachment Command Execution (Metasploit)↗2011-03-05

▶

Exploit-DB

rpc.pcnfsd - Remote Format String↗2010-07-18

▶