CVE-2010-4435
Published: 2011-01-19
Priority: P261, critical, score 10 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 14.17% (96.1th percentile)
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sun | sunos | — | — |
| sun | sunos | — | — |
| sun | sunos | — | — |
Detection & IOCs (extracted from sources)
- Detect oversized XDR-encoded ASCII strings sent to RPC program 100068 (rpc.cmsd), version 4, procedure 10, the buffer overflow trigger vector.
- Monitor for RPC calls targeting CMSD_PROG 100068 / CMSD_VERS 4 with two XDR wrapstring fields (s1, s2) of abnormal length, particularly to procedures 6 (INSERT) and 10 (UNKN).
- Scope detection to Oracle Solaris 8, 9, 10 and HP-UX hosts running the CDE Calendar Manager Service Daemon (rpc.cmsd) exposed on the network.
- Oracle has not officially confirmed the exact technical details; the buffer-overflow characterisation comes from third-party researchers, not Oracle's advisory.
- The vulnerability is described as 'unspecified' in Oracle's CPU; full technical details were sourced from the January 2011 CPU disclosure only.
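A passive check for the indicators listed above, added here as an example and not taken from any of the cited sources: it parses an ONC RPC call message in the standard RFC 5531 layout and flags calls to program 100068 version 4, procedures 6 or 10, whose s1/s2 length prefixes are abnormal. The 255-byte threshold, the function names and the two sample messages are assumptions constructed for illustration.

```python
import struct

CMSD_PROG, CMSD_VERS = 100068, 4   # program/version named on the page
WATCHED_PROCS = {6, 10}            # procedures named on the page
MAX_STR = 255                      # assumption: threshold for "abnormal length"

def read_opaque(buf, off):
    """Read an XDR length prefix at off; return (declared_len, offset after padded body)."""
    (n,) = struct.unpack_from(">I", buf, off)
    return n, off + 4 + ((n + 3) & ~3)

def inspect_call(msg):
    """Findings for one ONC RPC message (UDP payload, or TCP record with the mark stripped)."""
    if len(msg) < 24:
        return []                  # too short to hold an RPC call header
    _xid, mtype, rpcvers, prog, vers, proc = struct.unpack_from(">6I", msg, 0)
    if (mtype, rpcvers, prog, vers) != (0, 2, CMSD_PROG, CMSD_VERS):
        return []                  # not a CALL to rpc.cmsd version 4
    if proc not in WATCHED_PROCS:
        return []
    findings = []
    try:
        off = 24
        for _ in range(2):         # credential, then verifier: flavor + opaque body
            _, off = read_opaque(msg, off + 4)
        for name in ("s1", "s2"):  # the two wrapstring arguments
            n, off = read_opaque(msg, off)
            if n > MAX_STR:
                findings.append(f"proc {proc}: {name} declares {n} bytes (> {MAX_STR})")
            if off > len(msg):     # body runs past the captured bytes
                findings.append(f"proc {proc}: {name} extends past end of message")
                break
    except struct.error:           # a length prefix is missing from the capture
        findings.append(f"proc {proc}: malformed or truncated call")
    return findings

def call_header(proc):
    """Constructed sample header: CALL, RPC v2, AUTH_NONE credential and verifier."""
    return (struct.pack(">6I", 1, 0, 2, CMSD_PROG, CMSD_VERS, proc)
            + struct.pack(">4I", 0, 0, 0, 0))

# Constructed samples: a short call, and a capture cut off after an oversized length prefix.
SAMPLE_OK = call_header(6) + struct.pack(">I", 4) + b"user" + struct.pack(">I", 4) + b"host"
SAMPLE_BAD = call_header(10) + struct.pack(">I", 4096) + b"A" * 16

if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(label, inspect_call(sample))
```

The check keys on the declared length prefix, so it still fires when a capture's snap length cut the string body short.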
No detection rules found.
No writeups or analysis indexed.
- http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395
- http://osvdb.org/70569
- http://secunia.com/advisories/42984
- http://secunia.com/advisories/43258
- http://securityreason.com/securityalert/8069
- http://www.exploit-db.com/exploits/16137
- http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
- http://www.securityfocus.com/archive/1/516284/100/0/threaded
- http://www.securityfocus.com/archive/1/516304/100/0/threaded
- http://www.securityfocus.com/bid/45853
- http://www.securityfocus.com/bid/46261
- http://www.securitytracker.com/id?1024975
- http://www.vupen.com/english/advisories/2011/0151
- http://www.vupen.com/english/advisories/2011/0352
- http://www.zerodayinitiative.com/advisories/ZDI-11-062/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64797
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12794