Vulnerability Details : CVE-2010-1039
Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2010-1039
Probability of exploitation activity in the next 30 days: 22.69%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 96 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-1039
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2010-1039
-
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-1039
-
http://www.vupen.com/english/advisories/2010/1212
Webmail | OVH- OVHVendor Advisory
-
http://www.checkpoint.com/defense/advisories/public/2010/cpai-13-May.html
Page not found | Check Point Software
-
http://www.securityfocus.com/bid/40248
Multiple Vendor 'rpc.pcnfsd' Integer Overflow VulnerabilityPatch
-
http://marc.info/?l=bugtraq&m=127428077629933&w=2
'[security bulletin] HPSBUX02523 SSRT100036 rev.1 - HP-UX Running ONCPlus, Remote Denial of Service (' - MARCVendor Advisory
-
http://www.ibm.com/support/docview.wss?uid=isg1IZ73757
IBM IZ73757: POTENTIAL SECURITY ISSUE. APPLIES TO AIX 5300-10
-
http://www.ibm.com/support/docview.wss?uid=isg1IZ75440
IBM IZ75440: POTENTIAL SECURITY ISSUE. APPLIES TO AIX 6100-03
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12103
Repository / Oval Repository
-
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=5088
-
http://www.ibm.com/support/docview.wss?uid=isg1IZ73590
IBM IZ73590: POTENTIAL SECURITY ISSUE. APPLIES TO AIX 5300-12
-
http://www.ibm.com/support/docview.wss?uid=isg1IZ73681
IBM IZ73681: POTENTIAL SECURITY ISSUE. APPLIES TO AIX 5300-11
-
http://www.vupen.com/english/advisories/2010/1213
Webmail | OVH- OVHVendor Advisory
-
http://www.securitytracker.com/id?1023994
HP-UX Integer Overflow in ONCPlus 'rpc.pcnfsd' Lets Remote Users Execute Arbitrary Code - SecurityTracker
-
http://aix.software.ibm.com/aix/efixes/security/pcnfsd_advisory.asc
-
http://www.securityfocus.com/archive/1/511405/100/0/threaded
SecurityFocus
-
http://www.ibm.com/support/docview.wss?uid=isg1IZ75369
IBM IZ75369: POTENTIAL SECURITY ISSUE. APPLIES TO AIX 6100-04
-
http://www.vupen.com/english/advisories/2010/1211
Webmail | OVH- OVHVendor Advisory
-
http://www.vupen.com/english/advisories/2010/1199
Webmail | OVH- OVHVendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/58718
HP-UX NFS/ONCplus format string CVE-2010-1039 Vulnerability Report
-
http://securitytracker.com/id?1024016
IBM AIX Integer Overflow in rpc.pcnfsd Lets Remote Users Execute Arbitrary Code - SecurityTracker
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11986
Repository / Oval Repository
-
http://www.ibm.com/support/docview.wss?uid=isg1IZ73599
IBM IZ73599: POTENTIAL SECURITY ISSUE. APPLIES TO AIX 6100-05
-
http://www.ibm.com/support/docview.wss?uid=isg1IZ75465
IBM IZ75465: POTENTIAL SECURITY ISSUE. APPLIES TO AIX 6100-02
-
http://www.ibm.com/support/docview.wss?uid=isg1IZ73874
IBM IZ73874: POTENTIAL SECURITY ISSUE. APPLIES TO AIX 5300-09
Products affected by CVE-2010-1039
- cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*
- cpe:2.3:a:hp:nfs\/oncplus:*:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:4.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:4.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:4.3:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:4.1.4:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:4.1.5:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:3.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:3.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:3.2.4:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:3.2.5:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:4.3.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:4:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:1.3:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.1l:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:430:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2_l:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2.0.54:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2.0.50:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.1.0.10:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:4.2.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:vios:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:vios:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:vios:2.1:*:*:*:*:*:*:*