RPC: Oracle Solaris CDE Calendar Manager Service Daemon Remote Buffer Overflow

This signature detects attempts to exploit a known flaw in Oracle Solaris CDE Calendar Manager Service Daemon. A successful attack would result in arbitrary remote code execution with root privileges.

Extended Description

Oracle Solaris is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. This issue affects the CDE Calendar Manager Remote Procedure Call (RPC) service ('rpc.cmsd'). Remote attackers can exploit this issue to execute arbitrary code with superuser privileges, which can result in the complete compromise of affected computers. Failed exploit attempts will cause a denial-of-service condition. This vulnerability affects the following supported versions: 8, 9, 10.

Affected Products

Sun solaris

Short Name
RPC:SOL-CDE-CALENDAR-MGR
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
RPC
Keywords
Buffer CDE CVE-2010-4435 Calendar Daemon Manager Oracle Overflow Remote Service Solaris bid:45853 bid:46261
Release Date
04/26/2011
Supported Platforms

srx-branch-19.3

vsrx3bsd-19.2

srx-19.4

vsrx3bsd-19.4

srx-branch-19.4

vsrx-19.4

vsrx-19.2

srx-19.3

srx-branch-12.3

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx-12.3

vmx-19.3

srx-12.3

Sigpack Version
3636
False Positive
Unknown
Vendors

Sun

Avaya

CVSS Score

10.0
