CVE-2010-1039 - Use of Externally-Controlled Format String vulnerability in multiple products
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |

Summary
Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Application | | 4 |
OS | | 3 |
OS | Ibm | 42 |
OS | | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Format String Injection: An attacker includes formatting characters in a string input field of the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting characters. For example, in certain C functions such as printf, the formatting character %s prints the contents of a memory location, expecting that location to identify a string, and the formatting character %n prints the number of DWORDs written in memory. An attacker can use this to read or write memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes, and writing memory could result in the execution of arbitrary code if the attacker can write to the program stack.
- String Format Overflow in syslog(): This attack targets format string vulnerabilities in the syslog() function. An attacker would typically inject malicious input in the format string parameter of the syslog function. This is a common problem, and many public vulnerabilities and associated exploits have been posted.
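
The weakness class named in the summary and the CAPEC entries above, as an added example (not code from rpc.pcnfsd or from this page): a message helper that passes a client-supplied directory name as data rather than as the format string, plus a scanner that flags conversion specifiers in such a name for logging or rejection. The names `msgout_safe` and `count_conversions`, the message prefix and the sample directory names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/*
 * Vulnerable pattern, shown only as a comment and never compiled here:
 *     syslog(LOG_ERR, msg);     or     fprintf(stderr, msg);
 * where msg embeds text from the RPC request. Every '%' sequence in the
 * request is then interpreted by the formatter (%s reads, %n writes).
 */

/* Hardened form: the format is a fixed literal, so the client-supplied
 * directory name is copied out as data and never parsed for '%'. */
int msgout_safe(char *out, size_t outlen, const char *untrusted_dir)
{
    return snprintf(out, outlen, "rpc.pcnfsd: invalid directory: %s",
                    untrusted_dir);
}

#define MODIFIERS   "0123456789$-+ #'*."  /* flags, width, precision, N$ */
#define LENGTHS     "hlLqjzt"             /* length modifiers */
#define CONVERSIONS "diouxXeEfFgGaAcspn"  /* conversion characters */

/* Count printf-style conversion specifications in s. "%%" is a literal
 * percent sign and is not counted. *has_n is set to 1 when a %n (the
 * memory-writing conversion) is present. The scan is deliberately
 * permissive about modifier order: it is a detector, not a validator. */
size_t count_conversions(const char *s, int *has_n)
{
    size_t count = 0;

    if (has_n)
        *has_n = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;                     /* "%%": literal percent */
        while (*p && strchr(MODIFIERS, *p))
            p++;
        while (*p && strchr(LENGTHS, *p))
            p++;
        if (*p == '\0')
            break;                        /* dangling '%' at end of input */
        if (strchr(CONVERSIONS, *p)) {
            count++;
            if (*p == 'n' && has_n)
                *has_n = 1;
        }
    }
    return count;
}

int main(void)
{
    /* Constructed sample directory names, not taken from any real request. */
    const char *samples[] = {
        "/export/home/alice",
        "/export/100%% full",
        "/export/%x%x%5$n",
    };
    char line[256];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int has_n;
        size_t n = count_conversions(samples[i], &has_n);

        msgout_safe(line, sizeof line, samples[i]);
        printf("%s  [specifiers=%zu, %%n=%s]\n", line, n,
               has_n ? "yes" : "no");
    }
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang warn when a non-literal string is passed as the format argument with no further arguments.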
Exploit-Db
description | rpc.pcnfsd Remote Format String Exploit. CVE-2010-1039. Remote exploit for aix platform |
id | EDB-ID:14407 |
last seen | 2016-02-01 |
modified | 2010-07-18 |
published | 2010-07-18 |
reporter | Rodrigo Rubira Branco |
source | https://www.exploit-db.com/download/14407/ |
title | rpc.pcnfsd Remote Format String Exploit |
Nessus
NASL family | AIX Local Security Checks |
NASL id | AIX_U834083.NASL |
description | The remote host is missing AIX PTF U834083, which is related to the security of the package bos.net.nfs.client. An integer overflow vulnerability was reported in the rpc.pcnfsd service within the several systems. The rpc.pcnfsd daemon handles requests from PC-NFS clients for authentication services on remote machines. These services include authentication for mounting and for print spooling. The vulnerability is triggered when parsing crafted RPC requests. A remote attacker can leverage this vulnerability by sending a crafted RPC message to the target host, to potentially inject and execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 46955 |
published | 2010-06-15 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/46955 |
title | AIX 6.1 TL 2 : bos.net.nfs.client (U834083) |

code

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were extracted
# from AIX Security PTF U834083. The text itself is copyright (C)
# International Business Machines Corp.
#

include("compat.inc");

if (description)
{
  script_id(46955);
  script_version ("1.5");
  script_cvs_date("Date: 2019/09/16 14:12:59");

  script_cve_id("CVE-2010-1039");
  script_bugtraq_id(40248);
  script_xref(name:"IAVA", value:"2010-A-0073");

  script_name(english:"AIX 6.1 TL 2 : bos.net.nfs.client (U834083)");
  script_summary(english:"Check for PTF U834083");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote AIX host is missing a vendor-supplied security patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is missing AIX PTF U834083, which is related to the security of the package bos.net.nfs.client. An integer overflow vulnerability was reported in the rpc.pcnfsd service within the several systems. The rpc.pcnfsd daemon handles requests from PC-NFS clients for authentication services on remote machines. These services include authentication for mounting and for print spooling. The vulnerability is triggered when parsing crafted RPC requests. A remote attacker can leverage this vulnerability by sending a crafted RPC message to the target host, to potentially inject and execute arbitrary code. "
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ75465"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Install the appropriate missing security-related fix."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:6.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/04/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/04/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/06/15");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
  script_family(english:"AIX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AIX/oslevel", "Host/AIX/version", "Host/AIX/lslpp");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("aix.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX");
if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if ( aix_check_patch(ml:"610002", patch:"U834083", package:"bos.net.nfs.client.6.1.2.8") < 0 ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

NASL family | AIX Local Security Checks |
NASL id | AIX_IZ73590.NASL |
description | 'An integer overflow vulnerability was reported in the rpc.pcnfsd service within the several systems. The rpc.pcnfsd daemon handles requests from PC-NFS clients for authentication services on remote machines. These services include authentication for mounting and for print spooling. The vulnerability is triggered when parsing crafted RPC requests. A remote attacker can leverage this vulnerability by sending a crafted RPC message to the target host, to potentially inject and execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 63814 |
published | 2013-01-24 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/63814 |
title | AIX 5.3 TL 12 : pcnfsd (IZ73590) |

code

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The text in the description was extracted from AIX Security
# Advisory pcnfsd_advisory.asc.
#

include("compat.inc");

if (description)
{
  script_id(63814);
  script_version("1.6");
  script_cvs_date("Date: 2019/09/16 14:12:55");

  script_cve_id("CVE-2010-1039");
  script_xref(name:"IAVA", value:"2010-A-0073");

  script_name(english:"AIX 5.3 TL 12 : pcnfsd (IZ73590)");
  script_summary(english:"Check for APAR IZ73590");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote AIX host is missing a security patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"'An integer overflow vulnerability was reported in the rpc.pcnfsd service within the several systems. The rpc.pcnfsd daemon handles requests from PC-NFS clients for authentication services on remote machines. These services include authentication for mounting and for print spooling. The vulnerability is triggered when parsing crafted RPC requests. A remote attacker can leverage this vulnerability by sending a crafted RPC message to the target host, to potentially inject and execute arbitrary code.'."
  );
  # http://www.checkpoint.com/defense/advisories/public/2010/cpai-13-May.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f70188ad"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://aix.software.ibm.com/aix/efixes/security/pcnfsd_advisory.asc"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Install the appropriate interim fix."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:5.3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/05/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/05/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/24");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"AIX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("aix.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX");
if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);

if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") );

flag = 0;

if (aix_check_ifix(release:"5.3", ml:"12", patch:"IZ73590_12", package:"bos.net.nfs.client", minfilesetver:"5.3.12.0", maxfilesetver:"5.3.12.0") < 0) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

NASL family | AIX Local Security Checks |
NASL id | AIX_U830280.NASL |
description | The remote host is missing AIX PTF U830280, which is related to the security of the package bos.net.nfs.client. An integer overflow vulnerability was reported in the rpc.pcnfsd service within the several systems. The rpc.pcnfsd daemon handles requests from PC-NFS clients for authentication services on remote machines. These services include authentication for mounting and for print spooling. The vulnerability is triggered when parsing crafted RPC requests. A remote attacker can leverage this vulnerability by sending a crafted RPC message to the target host, to potentially inject and execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 47657 |
published | 2010-07-08 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/47657 |
title | AIX 5.3 TL 12 : bos.net.nfs.client (U830280) |

NASL family | AIX Local Security Checks |
NASL id | AIX_IZ73681.NASL |
description | 'An integer overflow vulnerability was reported in the rpc.pcnfsd service within the several systems. The rpc.pcnfsd daemon handles requests from PC-NFS clients for authentication services on remote machines. These services include authentication for mounting and for print spooling. The vulnerability is triggered when parsing crafted RPC requests. A remote attacker can leverage this vulnerability by sending a crafted RPC message to the target host, to potentially inject and execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 63816 |
published | 2013-01-24 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/63816 |
title | AIX 5.3 TL 11 : pcnfsd (IZ73681) |

NASL family | AIX Local Security Checks |
NASL id | AIX_IZ73599.NASL |
description | 'An integer overflow vulnerability was reported in the rpc.pcnfsd service within the several systems. The rpc.pcnfsd daemon handles requests from PC-NFS clients for authentication services on remote machines. These services include authentication for mounting and for print spooling. The vulnerability is triggered when parsing crafted RPC requests. A remote attacker can leverage this vulnerability by sending a crafted RPC message to the target host, to potentially inject and execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 63815 |
published | 2013-01-24 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/63815 |
title | AIX 6.1 TL 5 : pcnfsd (IZ73599) |

NASL family | AIX Local Security Checks |
NASL id | AIX_U833953.NASL |
description | The remote host is missing AIX PTF U833953, which is related to the security of the package bos.net.nfs.client. An integer overflow vulnerability was reported in the rpc.pcnfsd service within the several systems. The rpc.pcnfsd daemon handles requests from PC-NFS clients for authentication services on remote machines. These services include authentication for mounting and for print spooling. The vulnerability is triggered when parsing crafted RPC requests. A remote attacker can leverage this vulnerability by sending a crafted RPC message to the target host, to potentially inject and execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 46924 |
published | 2010-06-15 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/46924 |
title | AIX 6.1 TL 4 : bos.net.nfs.client (U833953) |

NASL family | HP-UX Local Security Checks |
NASL id | HPUX_PHNE_41021.NASL |
description | s700_800 11.23 NFS cumulative patch : A potential security vulnerability has been identified with the NFS/ONCplus rpc.pcnfsd component running on HP-UX. The vulnerability could result in a remote Denial of Service (DoS) and increase in privilege. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 46697 |
published | 2010-05-24 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/46697 |
title | HP-UX PHNE_41021 : HP-UX Running ONCplus rpc.pcnfsd, Remote Denial of Service (DoS), Increase in Privilege (HPSBUX02523 SSRT100036 rev.2) |

NASL family | AIX Local Security Checks |
NASL id | AIX_IZ75465.NASL |
description | 'An integer overflow vulnerability was reported in the rpc.pcnfsd service within the several systems. The rpc.pcnfsd daemon handles requests from PC-NFS clients for authentication services on remote machines. These services include authentication for mounting and for print spooling. The vulnerability is triggered when parsing crafted RPC requests. A remote attacker can leverage this vulnerability by sending a crafted RPC message to the target host, to potentially inject and execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 63821 |
published | 2013-01-24 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/63821 |
title | AIX 6.1 TL 2 : pcnfsd (IZ75465) |

NASL family | HP-UX Local Security Checks |
NASL id | HPUX_PHNE_41023.NASL |
description | s700_800 11.11 ONC/NFS General Release/Performance Patch : A potential security vulnerability has been identified with the NFS/ONCplus rpc.pcnfsd component running on HP-UX. The vulnerability could result in a remote Denial of Service (DoS) and increase in privilege. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 46698 |
published | 2010-05-24 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/46698 |
title | HP-UX PHNE_41023 : HP-UX Running ONCplus rpc.pcnfsd, Remote Denial of Service (DoS), Increase in Privilege (HPSBUX02523 SSRT100036 rev.2) |

NASL family | AIX Local Security Checks |
NASL id | AIX_IZ73757.NASL |
description | 'An integer overflow vulnerability was reported in the rpc.pcnfsd service within the several systems. The rpc.pcnfsd daemon handles requests from PC-NFS clients for authentication services on remote machines. These services include authentication for mounting and for print spooling. The vulnerability is triggered when parsing crafted RPC requests. A remote attacker can leverage this vulnerability by sending a crafted RPC message to the target host, to potentially inject and execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 63817 |
published | 2013-01-24 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/63817 |
title | AIX 5.3 TL 10 : pcnfsd (IZ73757) |

NASL family | AIX Local Security Checks |
NASL id | AIX_U832864.NASL |
description | The remote host is missing AIX PTF U832864, which is related to the security of the package bos.net.nfs.client. An integer overflow vulnerability was reported in the rpc.pcnfsd service within the several systems. The rpc.pcnfsd daemon handles requests from PC-NFS clients for authentication services on remote machines. These services include authentication for mounting and for print spooling. The vulnerability is triggered when parsing crafted RPC requests. A remote attacker can leverage this vulnerability by sending a crafted RPC message to the target host, to potentially inject and execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 46580 |
published | 2010-05-19 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/46580 |
title | AIX 5.3 TL 10 : bos.net.nfs.client (U832864) |

NASL family | AIX Local Security Checks |
NASL id | AIX_U832850.NASL |
description | The remote host is missing AIX PTF U832850, which is related to the security of the package bos.net.nfs.client. An integer overflow vulnerability was reported in the rpc.pcnfsd service within the several systems. The rpc.pcnfsd daemon handles requests from PC-NFS clients for authentication services on remote machines. These services include authentication for mounting and for print spooling. The vulnerability is triggered when parsing crafted RPC requests. A remote attacker can leverage this vulnerability by sending a crafted RPC message to the target host, to potentially inject and execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 46566 |
published | 2010-05-19 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/46566 |
title | AIX 5.3 TL 11 : bos.net.nfs.client (U832850) |

NASL family | AIX Local Security Checks |
NASL id | AIX_U834157.NASL |
description | The remote host is missing AIX PTF U834157, which is related to the security of the package bos.net.nfs.client. An integer overflow vulnerability was reported in the rpc.pcnfsd service within the several systems. The rpc.pcnfsd daemon handles requests from PC-NFS clients for authentication services on remote machines. These services include authentication for mounting and for print spooling. The vulnerability is triggered when parsing crafted RPC requests. A remote attacker can leverage this vulnerability by sending a crafted RPC message to the target host, to potentially inject and execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 46964 |
published | 2010-06-15 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/46964 |
title | AIX 6.1 TL 3 : bos.net.nfs.client (U834157) |

NASL family | AIX Local Security Checks |
NASL id | AIX_U830259.NASL |
description | The remote host is missing AIX PTF U830259, which is related to the security of the package bos.net.nfs.client. An integer overflow vulnerability was reported in the rpc.pcnfsd service within the several systems. The rpc.pcnfsd daemon handles requests from PC-NFS clients for authentication services on remote machines. These services include authentication for mounting and for print spooling. The vulnerability is triggered when parsing crafted RPC requests. A remote attacker can leverage this vulnerability by sending a crafted RPC message to the target host, to potentially inject and execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 46406 |
published | 2010-05-19 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/46406 |
title | AIX 5.3 TL 9 : bos.net.nfs.client (U830259) |

NASL family | AIX Local Security Checks |
NASL id | AIX_IZ75369.NASL |
description | 'An integer overflow vulnerability was reported in the rpc.pcnfsd service within the several systems. The rpc.pcnfsd daemon handles requests from PC-NFS clients for authentication services on remote machines. These services include authentication for mounting and for print spooling. The vulnerability is triggered when parsing crafted RPC requests. A remote attacker can leverage this vulnerability by sending a crafted RPC message to the target host, to potentially inject and execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 63819 |
published | 2013-01-24 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/63819 |
title | AIX 6.1 TL 4 : pcnfsd (IZ75369) |

NASL family | AIX Local Security Checks |
NASL id | AIX_IZ73874.NASL |
description | 'An integer overflow vulnerability was reported in the rpc.pcnfsd service within the several systems. The rpc.pcnfsd daemon handles requests from PC-NFS clients for authentication services on remote machines. These services include authentication for mounting and for print spooling. The vulnerability is triggered when parsing crafted RPC requests. A remote attacker can leverage this vulnerability by sending a crafted RPC message to the target host, to potentially inject and execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 63818 |
published | 2013-01-24 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/63818 |
title | AIX 5.3 TL 9 : pcnfsd (IZ73874) |

NASL family | AIX Local Security Checks |
NASL id | AIX_U828006.NASL |
description | The remote host is missing AIX PTF U828006, which is related to the security of the package bos.net.nfs.client. An integer overflow vulnerability was reported in the rpc.pcnfsd service within the several systems. The rpc.pcnfsd daemon handles requests from PC-NFS clients for authentication services on remote machines. These services include authentication for mounting and for print spooling. The vulnerability is triggered when parsing crafted RPC requests. A remote attacker can leverage this vulnerability by sending a crafted RPC message to the target host, to potentially inject and execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 47648 |
published | 2010-07-08 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/47648 |
title | AIX 6.1 TL 5 : bos.net.nfs.client (U828006) |

NASL family | AIX Local Security Checks |
NASL id | AIX_IZ75440.NASL |
description | 'An integer overflow vulnerability was reported in the rpc.pcnfsd service within the several systems. The rpc.pcnfsd daemon handles requests from PC-NFS clients for authentication services on remote machines. These services include authentication for mounting and for print spooling. The vulnerability is triggered when parsing crafted RPC requests. A remote attacker can leverage this vulnerability by sending a crafted RPC message to the target host, to potentially inject and execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 63820 |
published | 2013-01-24 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/63820 |
title | AIX 6.1 TL 3 : pcnfsd (IZ75440) |
Oval
accepted | 2015-04-20T04:00:14.108-04:00 |
class | vulnerability |
contributors | Varun Narula (Hewlett-Packard); Sushant Kumar Singh (Hewlett-Packard); Sushant Kumar Singh (Hewlett-Packard); Prashant Kumar (Hewlett-Packard); Mike Cokus (The MITRE Corporation) |
description | Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name. |
family | unix |
id | oval:org.mitre.oval:def:11986 |
status | accepted |
submitted | 2010-10-25T16:10:22.000-05:00 |
title | HP-UX Running ONCplus rpc.pcnfsd, Remote Denial of Service (DoS), Increase in Privilege |
version | 50 |

accepted | 2011-02-21T04:00:10.842-05:00 |
class | vulnerability |
contributors | Varun Narula (Hewlett-Packard); R, Yamini Mohan (Hewlett-Packard) |
definition_extensions | IBM AIX 5300-09 is installed (oval:org.mitre.oval:def:6306); IBM AIX 6100-02 is installed (oval:org.mitre.oval:def:5685); IBM AIX 6100-03 is installed (oval:org.mitre.oval:def:6736); IBM AIX 6100-04 is installed (oval:org.mitre.oval:def:7373) |
description | Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name. |
family | unix |
id | oval:org.mitre.oval:def:12103 |
status | accepted |
submitted | 2010-11-24T16:39:20.000-05:00 |
title | AIX rpc.pcnfsd integer overflow vulnerability. |
version | 46 |
References
- http://aix.software.ibm.com/aix/efixes/security/pcnfsd_advisory.asc
- http://marc.info/?l=bugtraq&m=127428077629933&w=2
- http://osvdb.org/64729
- http://secunia.com/advisories/39835
- http://secunia.com/advisories/39911
- http://securitytracker.com/id?1024016
- http://www.checkpoint.com/defense/advisories/public/2010/cpai-13-May.html
- http://www.ibm.com/support/docview.wss?uid=isg1IZ73590
- http://www.ibm.com/support/docview.wss?uid=isg1IZ73599
- http://www.ibm.com/support/docview.wss?uid=isg1IZ73681
- http://www.ibm.com/support/docview.wss?uid=isg1IZ73757
- http://www.ibm.com/support/docview.wss?uid=isg1IZ73874
- http://www.ibm.com/support/docview.wss?uid=isg1IZ75369
- http://www.ibm.com/support/docview.wss?uid=isg1IZ75440
- http://www.ibm.com/support/docview.wss?uid=isg1IZ75465
- http://www.securityfocus.com/archive/1/511405/100/0/threaded
- http://www.securityfocus.com/bid/40248
- http://www.securitytracker.com/id?1023994
- http://www.vupen.com/english/advisories/2010/1199
- http://www.vupen.com/english/advisories/2010/1211
- http://www.vupen.com/english/advisories/2010/1212
- http://www.vupen.com/english/advisories/2010/1213
- http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=5088
- https://exchange.xforce.ibmcloud.com/vulnerabilities/58718
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11986
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12103