Vulnerability CVE-2010-1039

Vulnerability CVE-2010-1039

Published: 2010-05-20 Modified: 2012-02-13

Description:

Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.

See advisories in our WLB2 database:

	Topic	Author	Date
High	HP-UX Running ONCPlus, Remote Denial of Service (DoS), PE	HP	25.05.2010
High	rpc.pcnfsd Remote Format String Exploit	Rodrigo Rubira B...	21.07.2010

Type:

CWE-134

(Uncontrolled Format String)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
10/10	10/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
SGI -> IRIX
IBM -> VIOS
IBM -> AIX
HP -> Nfs/oncplus

References:

http://aix.software.ibm.com/aix/efixes/security/pcnfsd_advisory.asc

http://marc.info/?l=bugtraq&m=127428077629933&w=2

http://securitytracker.com/id?1024016

http://www.checkpoint.com/defense/advisories/public/2010/cpai-13-May.html

http://www.ibm.com/support/docview.wss?uid=isg1IZ73590

http://www.ibm.com/support/docview.wss?uid=isg1IZ73599

http://www.ibm.com/support/docview.wss?uid=isg1IZ73681

http://www.ibm.com/support/docview.wss?uid=isg1IZ73757

http://www.ibm.com/support/docview.wss?uid=isg1IZ73874

http://www.ibm.com/support/docview.wss?uid=isg1IZ75369

http://www.ibm.com/support/docview.wss?uid=isg1IZ75440

http://www.ibm.com/support/docview.wss?uid=isg1IZ75465

http://www.securityfocus.com/archive/1/511405/100/0/threaded

http://www.securityfocus.com/bid/40248

http://www.securitytracker.com/id?1023994

http://www.vupen.com/english/advisories/2010/1199

http://www.vupen.com/english/advisories/2010/1211

http://www.vupen.com/english/advisories/2010/1212

http://www.vupen.com/english/advisories/2010/1213

http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=5088

https://exchange.xforce.ibmcloud.com/vulnerabilities/58718

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11986

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12103

Vulnerability CVE-2010-1039

See advisories in our WLB2 database:

High

HP-UX Running ONCPlus, Remote Denial of Service (DoS), PE

High

rpc.pcnfsd Remote Format String Exploit

CWE-134

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

10/10

10/10

10/10

Remote

Low

No required

Complete

Complete

Complete

Affected software

References: