CVE - CVE-2010-4435

CVE-ID
CVE-2010-4435	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:45853 URL:http://www.securityfocus.com/bid/45853 BID:46261 URL:http://www.securityfocus.com/bid/46261 BUGTRAQ:20110208 CVE-2010-4435 - Multiple Vendor Calendar Manager Remote Code Execution URL:http://www.securityfocus.com/archive/1/516304/100/0/threaded BUGTRAQ:20110208 ZDI-11-062: Multiple Vendor Calendar Manager RPC Service Remote Code Execution Vulnerability URL:http://www.securityfocus.com/archive/1/516284/100/0/threaded CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html EXPLOIT-DB:16137 URL:http://www.exploit-db.com/exploits/16137 HP:HPSBUX02628 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395 HP:SSRT090183 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395 MISC:http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc MISC:http://www.zerodayinitiative.com/advisories/ZDI-11-062/ OSVDB:70569 URL:~~http://osvdb.org/70569~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:12794 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12794 SECTRACK:1024975 URL:http://www.securitytracker.com/id?1024975 SECUNIA:42984 URL:http://secunia.com/advisories/42984 SECUNIA:43258 URL:http://secunia.com/advisories/43258 SREASON:8069 URL:http://securityreason.com/securityalert/8069 VUPEN:ADV-2011-0151 URL:~~http://www.vupen.com/english/advisories/2011/0151~~ (Obsolete source) VUPEN:ADV-2011-0352 URL:~~http://www.vupen.com/english/advisories/2011/0352~~ (Obsolete source) XF:solaris-cde-code-execution(64797) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64797
Assigning CNA
Oracle
Date Record Created
20101206	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20101206)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)