10 - CVE-2010-1039

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	CVE-2010-1039	First vendor Publication	2010-05-20
Vendor	Cve	Last vendor Modification	2018-10-10

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1039

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-134	Uncontrolled Format String (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11986

Oval ID:	oval:org.mitre.oval:def:11986
Title:	HP-UX Running ONCplus rpc.pcnfsd, Remote Denial of Service (DoS), Increase in Privilege
Description:	Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2010-1039	Version:	11
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02523 HP Release B.11.23 AND filesets tests NFS.NFS-CLIENT is installed AND NFS.NFS-KRN is installed AND NFS.NFS2-CORE is installed AND NFS.NFS2-PRG is installed AND NFS.NFS2-SERVER is installed AND NOT Patch PHNE_41021 is installed OR Criteria meets HP Security Bulletin HPSBUX02523 HP Release B.11.11 AND filesets tests NFS.NFS-KRN is installed AND NFS.KEY-CORE is installed AND NFS.NFS-64ALIB is installed AND NFS.NFS-64SLIB is installed AND NFS.NFS-CLIENT is installed AND NFS.NFS-CORE is installed AND NFS.NFS-PRG is installed AND NFS.NFS-SERVER is installed AND NFS.NFS-SHLIBS is installed AND NFS.NFS-SERVER is installed AND NFS.NFS-CLIENT is installed AND NFS.NFS-CORE is installed AND NFS.NISPLUS-CORE is installed AND NOT Patch PHNE_41023 is installed OR Criteria meets HP Security Bulletin HPSBUX02523 HP-UX B.11.31 AND filesets tests NFS.NFS2-SERVER version is less than B.11.31.09.01 AND NFS.KEY-CORE version is less than B.11.31.09.01 AND NFS.NIS-CLIENT version is less than B.11.31.09.01 AND NFS.NFS-64ALIB version is less than B.11.31.09.01 AND NFS.NIS-CORE version is less than B.11.31.09.01 AND NFS.NFS-64SLIB version is less than B.11.31.09.01 AND NFS.NIS-SERVER version is less than B.11.31.09.01 AND NFS.NIS2-CLIENT version is less than B.11.31.09.01 AND NFS.NFS-CLIENT version is less than B.11.31.09.01 AND NFS.NFS-CORE version is less than B.11.31.09.01 AND NFS.NFS-KRN version is less than B.11.31.09.01 AND NFS.NFS-PRG version is less than B.11.31.09.01 AND NFS.NFS-SERVER version is less than B.11.31.09.01 AND NFS.NFS-SHLIBS version is less than B.11.31.09.01 AND NFS.NFS2-CORE version is less than B.11.31.09.01 AND NFS.NFS2-CLIENT version is less than B.11.31.09.01 AND NFS.NFS2-PRG version is less than B.11.31.09.01

Definition Id: oval:org.mitre.oval:def:12103

Oval ID:	oval:org.mitre.oval:def:12103
Title:	AIX rpc.pcnfsd integer overflow vulnerability.
Description:	Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2010-1039	Version:	5
Platform(s):	IBM AIX 5.3 IBM AIX 6.1	Product(s):
Definition Synopsis:
IBM AIX 5300-09 meets CVE-2010-1039 IBM AIX 5300-09 is installed AND Fileset bos.net.nfs.client is less than or equal 5.3.9.5 AND Fileset bos.net.nfs.client is greater than or equal 5.3.9.0 AND NOT All filesets for APAR IZ73874 are installed OR IBM AIX 6100-05 meets CVE-2010-1039 Version of IBM AIX installed is 6100-05 AND NOT All filesets for APAR IZ73599 are installed AND Fileset bos.net.nfs.client is greater than or equal 6.1.5.0 AND Fileset bos.net.nfs.client is less than or equal 6.1.5.0 OR IBM AIX 5300-10 meets CVE-2010-1039 Version of IBM AIX installed is 5300-10 AND NOT All filesets for APAR IZ73757 are installed AND Fileset bos.net.nfs.client is greater than or equal 5.3.10.0 AND Fileset bos.net.nfs.client is less than or equal 5.3.10.3 OR IBM AIX 5300-11 meets CVE-2010-1039 Version of IBM AIX installed is 5300-11 AND Fileset bos.net.nfs.client is greater than or equal 5.3.11.0 AND Fileset bos.net.nfs.client is less than or equal 5.3.11.3 AND NOT All filesets for APAR IZ73681 are installed OR IBM AIX 5300-12 meets CVE-2010-1039 Version of IBM AIX installed is 5300-12 AND NOT All filesets for APAR IZ73590 are installed AND Fileset bos.net.nfs.client is greater than or equal 5.3.12.0 AND Fileset bos.net.nfs.client is less than or equal 5.3.12.0 OR IBM AIX 6100-02 meets CVE-2010-1039 IBM AIX 6100-02 is installed AND NOT All filesets for APAR IZ75465 are installed AND Fileset bos.net.nfs.client is greater than or equal 6.1.2.0 AND Fileset bos.net.nfs.client is less than or equal 6.1.2.7 OR IBM AIX 6100-03 meets CVE-2010-1039 IBM AIX 6100-03 is installed AND NOT All filesets for APAR IZ75440 are installed AND Fileset bos.net.nfs.client is greater than or equal 6.1.3.0 AND Fileset bos.net.nfs.client is less than or equal 6.1.3.3 OR IBM AIX 6100-04 meets CVE-2010-1039 IBM AIX 6100-04 is installed AND NOT All filesets for APAR IZ75369 are installed AND Fileset bos.net.nfs.client is greater than or equal 6.1.4.0 AND Fileset bos.net.nfs.client is less than or equal 6.1.4.4

OpenVAS Exploits

Date	Description
2010-05-28	Name : HP-UX Update for ONCPlus HPSBUX02523 File : nvt/gb_hp_ux_HPSBUX02523.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
65506	IBM AIX rpc.pcnfsd Unspecified Log Function Crafted RPC Request Remote Overflow
65505	IBM VIOS rpc.pcnfsd Unspecified Log Function Crafted RPC Request Remote Overflow
65504	HP-UX NFS/ONCplus rpc.pcnfsd Unspecified Log Function Crafted RPC Request Rem...
64729	IRIX rpc.pcnfsd Unspecified Log Function Crafted RPC Request Remote Overflow

Information Assurance Vulnerability Management (IAVM)

Date	Description
2010-05-27	IAVM : 2010-A-0073 - Multiple Vendor RPC Integer Overflow Vulnerability Severity : Category I - VMSKEY : V0024202

Nessus® Vulnerability Scanner

Date	Description
2013-01-24	Name : The remote AIX host is missing a security patch. File : aix_IZ73599.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote AIX host is missing a security patch. File : aix_IZ73681.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote AIX host is missing a security patch. File : aix_IZ73757.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote AIX host is missing a security patch. File : aix_IZ73874.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote AIX host is missing a security patch. File : aix_IZ75369.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote AIX host is missing a security patch. File : aix_IZ75440.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote AIX host is missing a security patch. File : aix_IZ75465.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote AIX host is missing a security patch. File : aix_IZ73590.nasl - Type : ACT_GATHER_INFO
2010-07-08	Name : The remote AIX host is missing a vendor-supplied security patch. File : aix_U828006.nasl - Type : ACT_GATHER_INFO
2010-07-08	Name : The remote AIX host is missing a vendor-supplied security patch. File : aix_U830280.nasl - Type : ACT_GATHER_INFO
2010-06-15	Name : The remote AIX host is missing a vendor-supplied security patch. File : aix_U834157.nasl - Type : ACT_GATHER_INFO
2010-06-15	Name : The remote AIX host is missing a vendor-supplied security patch. File : aix_U833953.nasl - Type : ACT_GATHER_INFO
2010-06-15	Name : The remote AIX host is missing a vendor-supplied security patch. File : aix_U834083.nasl - Type : ACT_GATHER_INFO
2010-05-24	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_41023.nasl - Type : ACT_GATHER_INFO
2010-05-24	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_41021.nasl - Type : ACT_GATHER_INFO
2010-05-19	Name : The remote AIX host is missing a vendor-supplied security patch. File : aix_U832864.nasl - Type : ACT_GATHER_INFO
2010-05-19	Name : The remote AIX host is missing a vendor-supplied security patch. File : aix_U832850.nasl - Type : ACT_GATHER_INFO
2010-05-19	Name : The remote AIX host is missing a vendor-supplied security patch. File : aix_U830259.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
AIXAPAR	http://www.ibm.com/support/docview.wss?uid=isg1IZ73590 http://www.ibm.com/support/docview.wss?uid=isg1IZ73599 http://www.ibm.com/support/docview.wss?uid=isg1IZ73681 http://www.ibm.com/support/docview.wss?uid=isg1IZ73757 http://www.ibm.com/support/docview.wss?uid=isg1IZ73874 http://www.ibm.com/support/docview.wss?uid=isg1IZ75369 http://www.ibm.com/support/docview.wss?uid=isg1IZ75440 http://www.ibm.com/support/docview.wss?uid=isg1IZ75465
BID	http://www.securityfocus.com/bid/40248
BUGTRAQ	http://www.securityfocus.com/archive/1/511405/100/0/threaded
CONFIRM	http://aix.software.ibm.com/aix/efixes/security/pcnfsd_advisory.asc http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&I...
HP	http://marc.info/?l=bugtraq&m=127428077629933&w=2
MISC	http://www.checkpoint.com/defense/advisories/public/2010/cpai-13-May.html
OSVDB	http://osvdb.org/64729
OVAL	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
SECTRACK	http://securitytracker.com/id?1024016 http://www.securitytracker.com/id?1023994
SECUNIA	http://secunia.com/advisories/39835 http://secunia.com/advisories/39911
VUPEN	http://www.vupen.com/english/advisories/2010/1199 http://www.vupen.com/english/advisories/2010/1211 http://www.vupen.com/english/advisories/2010/1212 http://www.vupen.com/english/advisories/2010/1213
XF	https://exchange.xforce.ibmcloud.com/vulnerabilities/58718

Alert History

If you want to see full details history, please login or register.

Date	Informations
2020-05-23 00:25:28	Multiple Updates
2019-01-25 12:03:06	Multiple Updates
2018-10-11 00:19:49	Multiple Updates
2018-02-14 01:00:53	Multiple Updates
2017-09-19 09:23:41	Multiple Updates
2017-08-17 09:22:57	Multiple Updates
2016-07-01 11:06:45	Multiple Updates
2016-06-28 18:05:35	Multiple Updates
2016-04-26 19:40:15	Multiple Updates
2014-02-17 10:54:21	Multiple Updates
2013-11-11 12:38:41	Multiple Updates
2013-05-10 23:20:56	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	2
Sources(s)	26
osvdb(s)	4
Openvas Exploit(s)	1
IAVM(s)	1
Nessus® Exploit(s)	18

	Related
10	HPSBUX02523 SSR...
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)