Vulnerability Details : CVE-2010-4435
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10.
Vulnerability category: Overflow
Threat overview for CVE-2010-4435
Top open port discovered on systems with this issue: 554
IPs affected by CVE-2010-4435: 2
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2010-4435
Probability of exploitation activity in the next 30 days: 95.85%
Percentile (the proportion of vulnerabilities scored at or below this one): ~99%
CVSS scores for CVE-2010-4435
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
References for CVE-2010-4435
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12794
  Repository / Oval Repository
- http://securityreason.com/securityalert/8069
  Multiple Vendor Calendar Manager Remote Code Execution - CXSecurity.com
- http://www.securityfocus.com/bid/46261
  HP-UX 'rpc.cmsd' Calendar Manager Daemon Remote Buffer Overflow Vulnerability
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395
- http://www.securitytracker.com/id?1024975
  Solaris Multiple Flaws Let Remote Users Gain Full Control and Local Users Partially Access and Modify Data and Deny Service - SecurityTracker
- http://www.securityfocus.com/bid/45853
  Oracle Solaris CDE Calendar Manager Service Daemon Remote Buffer Overflow Vulnerability
- http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc
- http://www.securityfocus.com/archive/1/516304/100/0/threaded
  SecurityFocus
- http://www.exploit-db.com/exploits/16137
  Multiple Vendor Calendar Manager - Remote Code Execution - Multiple remote Exploit (Exploit)
- http://www.vupen.com/english/advisories/2011/0151
  Webmail | OVH - OVH (Vendor Advisory)
- http://www.zerodayinitiative.com/advisories/ZDI-11-062/
  ZDI-11-062 | Zero Day Initiative
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64797
  Oracle Solaris CDE Calendar Manager Service code execution CVE-2010-4435 Vulnerability Report
- http://www.securityfocus.com/archive/1/516284/100/0/threaded
  SecurityFocus
- http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
  Oracle Critical Patch Update - January 2011 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2011/0352
  Webmail | OVH - OVH (Vendor Advisory)
Products affected by CVE-2010-4435
- cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*