CVE - CVE-2010-1039

CVE-ID
CVE-2010-1039	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
AIXAPAR:IZ73590 URL:http://www.ibm.com/support/docview.wss?uid=isg1IZ73590 AIXAPAR:IZ73599 URL:http://www.ibm.com/support/docview.wss?uid=isg1IZ73599 AIXAPAR:IZ73681 URL:http://www.ibm.com/support/docview.wss?uid=isg1IZ73681 AIXAPAR:IZ73757 URL:http://www.ibm.com/support/docview.wss?uid=isg1IZ73757 AIXAPAR:IZ73874 URL:http://www.ibm.com/support/docview.wss?uid=isg1IZ73874 AIXAPAR:IZ75369 URL:http://www.ibm.com/support/docview.wss?uid=isg1IZ75369 AIXAPAR:IZ75440 URL:http://www.ibm.com/support/docview.wss?uid=isg1IZ75440 AIXAPAR:IZ75465 URL:http://www.ibm.com/support/docview.wss?uid=isg1IZ75465 BID:40248 URL:http://www.securityfocus.com/bid/40248 BUGTRAQ:20100520 HP-UX, IBM AIX, SGI IRIX Remote Vulnerability - CVE-2010-1039 URL:http://www.securityfocus.com/archive/1/511405/100/0/threaded CONFIRM:http://aix.software.ibm.com/aix/efixes/security/pcnfsd_advisory.asc CONFIRM:http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=5088 HP:HPSBUX02523 URL:http://marc.info/?l=bugtraq&m=127428077629933&w=2 HP:SSRT100036 URL:http://marc.info/?l=bugtraq&m=127428077629933&w=2 MISC:http://www.checkpoint.com/defense/advisories/public/2010/cpai-13-May.html OSVDB:64729 URL:~~http://osvdb.org/64729~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:11986 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11986 OVAL:oval:org.mitre.oval:def:12103 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12103 SECTRACK:1023994 URL:http://www.securitytracker.com/id?1023994 SECTRACK:1024016 URL:http://securitytracker.com/id?1024016 SECUNIA:39835 URL:http://secunia.com/advisories/39835 SECUNIA:39911 URL:http://secunia.com/advisories/39911 VUPEN:ADV-2010-1199 URL:~~http://www.vupen.com/english/advisories/2010/1199~~ (Obsolete source) VUPEN:ADV-2010-1211 URL:~~http://www.vupen.com/english/advisories/2010/1211~~ (Obsolete source) VUPEN:ADV-2010-1212 URL:~~http://www.vupen.com/english/advisories/2010/1212~~ (Obsolete source) VUPEN:ADV-2010-1213 URL:~~http://www.vupen.com/english/advisories/2010/1213~~ (Obsolete source) XF:hpux-nfsoncplus-privilege-escalation(58718) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/58718
Assigning CNA
HP Inc.
Date Record Created
20100319	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20100319)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)