RPC: Oracle Solaris CDE Calendar Manager Service Daemon Remote Buffer Overflow 1
This signature detects attempts to exploit a known flaw in Oracle Solaris CDE Calendar Manager Service Daemon. A successful attack would in arbitrary remote code execution with root privileges.
Extended Description
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10.
Affected Products
Sun sunos
Short Name
RPC:SOL-CDE-CALENDAR-MGR1
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
RPC
Keywords
1 Buffer CDE CVE-2010-4435 Calendar Daemon Manager Oracle Overflow Remote Service Solaris bid:45853 bid:46261
Release Date
06/02/2017
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
Port
UDP/32776,45612,48217
False Positive
Unknown
Vendors
Sun
CVSS Score
10.0