CVE-2010-3509 - Remote Buffer Overflow vulnerability in Oracle Solaris 10/8/9

CVSS 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, low complexity, oracle, critical

Summary

Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scheduler.

Vulnerable Configurations

Part: OS
Description: Oracle
Count: 3

Seebug

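bulletinFamily: exploit
description: BUGTRAQ ID: 43933. CVE ID: CVE-2010-3509. Solaris is a commercial UNIX operating system developed and maintained by Sun. The rpc.cmsd service running on Solaris has an integer overflow vulnerability. A remote attacker can trigger the overflow by submitting a malicious RPC request to the service, causing a denial of service or arbitrary code execution with root privileges.
Sun Solaris 9.0_x86, Sun Solaris 9.0, Sun Solaris 8.0_x86, Sun Solaris 8.0, Sun Solaris 10.0_x86, Sun Solaris 10.0
Vendor patch (Oracle): Oracle has released a security advisory (cpuoct2010) and corresponding patches for this issue. cpuoct2010: Oracle Critical Patch Update Advisory - October 2010. Link: http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
id: SSV:20193
last seen: 2017-11-19
modified: 2010-10-26
published: 2010-10-26
reporter: Root
title: Solaris rpc.cmsd service remote integer overflow vulnerability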