Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-1039

Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.

Published

2010-05-20T17:30:01.350

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 10.0 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-134

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hp	nfs\/oncplus	≤ b.11.31_09	Yes
Operating System	hp	hp-ux	b.11.11	No
Operating System	hp	hp-ux	b.11.23	No
Operating System	hp	hp-ux	b.11.31	No
Operating System	ibm	aix	≤ 5.3	Yes
Operating System	ibm	aix	1.2.1	Yes
Operating System	ibm	aix	1.3	Yes
Operating System	ibm	aix	2.2.1	Yes
Operating System	ibm	aix	3.1	Yes
Operating System	ibm	aix	3.2	Yes
Operating System	ibm	aix	3.2.0	Yes
Operating System	ibm	aix	3.2.4	Yes
Operating System	ibm	aix	3.2.5	Yes
Operating System	ibm	aix	4	Yes
Operating System	ibm	aix	4.0	Yes
Operating System	ibm	aix	4.1	Yes
Operating System	ibm	aix	4.1.1	Yes
Operating System	ibm	aix	4.1.2	Yes
Operating System	ibm	aix	4.1.3	Yes
Operating System	ibm	aix	4.1.4	Yes
Operating System	ibm	aix	4.1.5	Yes
Operating System	ibm	aix	4.2	Yes
Operating System	ibm	aix	4.2.0	Yes
Operating System	ibm	aix	4.2.1	Yes
Operating System	ibm	aix	4.2.1.12	Yes
Operating System	ibm	aix	4.3	Yes
Operating System	ibm	aix	4.3.0	Yes
Operating System	ibm	aix	4.3.1	Yes
Operating System	ibm	aix	4.3.2	Yes
Operating System	ibm	aix	4.3.3	Yes
Operating System	ibm	aix	5.1	Yes
Operating System	ibm	aix	5.1.0.10	Yes
Operating System	ibm	aix	5.1l	Yes
Operating System	ibm	aix	5.2	Yes
Operating System	ibm	aix	5.2.0	Yes
Operating System	ibm	aix	5.2.0.50	Yes
Operating System	ibm	aix	5.2.0.54	Yes
Operating System	ibm	aix	5.2.2	Yes
Operating System	ibm	aix	5.2_l	Yes
Operating System	ibm	aix	6.1	Yes
Operating System	ibm	aix	430	Yes
Application	ibm	vios	≤ 1.5	Yes
Application	ibm	vios	1.4	Yes
Application	ibm	vios	2.1	Yes
Operating System	sgi	irix	6.5	Yes

References

http://aix.software.ibm.com/aix/efixes/security/pcnfsd_advisory.asc ([email protected])
http://marc.info/?l=bugtraq&m=127428077629933&w=2 Vendor Advisory ([email protected])
http://marc.info/?l=bugtraq&m=127428077629933&w=2 Vendor Advisory ([email protected])
http://osvdb.org/64729 ([email protected])
http://secunia.com/advisories/39835 Vendor Advisory ([email protected])
http://secunia.com/advisories/39911 ([email protected])
http://securitytracker.com/id?1024016 ([email protected])
http://www.checkpoint.com/defense/advisories/public/2010/cpai-13-May.html ([email protected])
http://www.ibm.com/support/docview.wss?uid=isg1IZ73590 ([email protected])
http://www.ibm.com/support/docview.wss?uid=isg1IZ73599 ([email protected])
http://www.ibm.com/support/docview.wss?uid=isg1IZ73681 ([email protected])
http://www.ibm.com/support/docview.wss?uid=isg1IZ73757 ([email protected])
http://www.ibm.com/support/docview.wss?uid=isg1IZ73874 ([email protected])
http://www.ibm.com/support/docview.wss?uid=isg1IZ75369 ([email protected])
http://www.ibm.com/support/docview.wss?uid=isg1IZ75440 ([email protected])
http://www.ibm.com/support/docview.wss?uid=isg1IZ75465 ([email protected])
http://www.securityfocus.com/archive/1/511405/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/40248 Patch ([email protected])
http://www.securitytracker.com/id?1023994 ([email protected])
http://www.vupen.com/english/advisories/2010/1199 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2010/1211 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2010/1212 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2010/1213 Vendor Advisory ([email protected])
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=5088 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/58718 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11986 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12103 ([email protected])
http://aix.software.ibm.com/aix/efixes/security/pcnfsd_advisory.asc (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=127428077629933&w=2 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=127428077629933&w=2 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/64729 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/39835 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/39911 (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1024016 (af854a3a-2127-422b-91ae-364da2661108)
http://www.checkpoint.com/defense/advisories/public/2010/cpai-13-May.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.ibm.com/support/docview.wss?uid=isg1IZ73590 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ibm.com/support/docview.wss?uid=isg1IZ73599 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ibm.com/support/docview.wss?uid=isg1IZ73681 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ibm.com/support/docview.wss?uid=isg1IZ73757 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ibm.com/support/docview.wss?uid=isg1IZ73874 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ibm.com/support/docview.wss?uid=isg1IZ75369 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ibm.com/support/docview.wss?uid=isg1IZ75440 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ibm.com/support/docview.wss?uid=isg1IZ75465 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/511405/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/40248 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1023994 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/1199 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/1211 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/1212 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/1213 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=5088 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/58718 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11986 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12103 (af854a3a-2127-422b-91ae-364da2661108)