CVE-2010-4435 - Unspecified vulnerability in SUN Sunos 5.10/5.8/5.9
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 3 |
Exploit-Db
description | Multiple Vendor Calendar Manager Remote Code Execution. CVE-2010-4435. Remote exploits for multiple platform |
file | exploits/multiple/remote/16137.c |
id | EDB-ID:16137 |
last seen | 2016-02-01 |
modified | 2011-02-09 |
platform | multiple |
port | |
published | 2011-02-09 |
reporter | Rodrigo Rubira Branco |
source | https://www.exploit-db.com/download/16137/ |
title | Multiple Vendor Calendar Manager Remote Code Execution |
type | remote |
Nessus
NASL family | HP-UX Local Security Checks |
NASL id | HPUX_PHSS_41788.NASL |
description | s700_800 11.31 CDE Applications Patch : A potential security vulnerability has been identified with HP-UX running CDE Calendar Manager. The vulnerability could be exploited remotely to execute arbitrary code. References: CVE-2010-4435, ZDI-CAN-561. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 52040 |
published | 2011-02-21 |
reporter | This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/52040 |
title | HP-UX PHSS_41788 : HP-UX Running CDE Calendar Manager, Remote Execution of Arbitrary Code (HPSBUX02628 SSRT090183 rev.1) |

NASL family | HP-UX Local Security Checks |
NASL id | HPUX_PHSS_41174.NASL |
description | s700_800 11.23 CDE Applications Patch : A potential security vulnerability has been identified with HP-UX running CDE Calendar Manager. The vulnerability could be exploited remotely to execute arbitrary code. References: CVE-2010-4435, ZDI-CAN-561. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 52039 |
published | 2011-02-21 |
reporter | This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/52039 |
title | HP-UX PHSS_41174 : HP-UX Running CDE Calendar Manager, Remote Execution of Arbitrary Code (HPSBUX02628 SSRT090183 rev.1) |
Oval
accepted | 2015-04-20T04:00:32.783-04:00 |
class | vulnerability |
contributors | |
description | Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10. |
family | unix |
id | oval:org.mitre.oval:def:12794 |
status | accepted |
submitted | 2011-07-28T14:52:04.000-05:00 |
title | HP-UX Running CDE Calendar Manager, Remote Execution of Arbitrary Code |
version | 48 |
Seebug
bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:70687 |
last seen | 2017-11-19 |
modified | 2014-07-01 |
published | 2014-07-01 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-70687 |
title | Multiple Vendor Calendar Manager Remote Code Execution |
References
- http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395
- http://osvdb.org/70569
- http://secunia.com/advisories/42984
- http://secunia.com/advisories/43258
- http://securityreason.com/securityalert/8069
- http://www.exploit-db.com/exploits/16137
- http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
- http://www.securityfocus.com/archive/1/516284/100/0/threaded
- http://www.securityfocus.com/archive/1/516304/100/0/threaded
- http://www.securityfocus.com/bid/45853
- http://www.securityfocus.com/bid/46261
- http://www.securitytracker.com/id?1024975
- http://www.vupen.com/english/advisories/2011/0151
- http://www.vupen.com/english/advisories/2011/0352
- http://www.zerodayinitiative.com/advisories/ZDI-11-062/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64797
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12794