PT-2010-2760 · Ibm+2 · Vios+4
Rodrigo Rubira Branco
·
Published
2010-05-20
·
Updated
2018-10-10
·
CVE-2010-1039
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
IBM AIX versions 6.1, 5.3 and earlier
IBM VIOS versions 2.1, 1.5 and earlier
NFS/ONCplus B.11.31 09 and earlier on HP HP-UX versions B.11.11, B.11.23, and B.11.31
SGI IRIX version 6.5
Description
The issue allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name. This is due to a format string vulnerability in the msgout function in rpc.pcnfsd.
Recommendations
For IBM AIX versions 6.1, 5.3 and earlier, update to a version that fixes the format string vulnerability in the msgout function.
For IBM VIOS versions 2.1, 1.5 and earlier, update to a version that fixes the format string vulnerability in the msgout function.
For NFS/ONCplus B.11.31 09 and earlier on HP HP-UX versions B.11.11, B.11.23, and B.11.31, update to a version that fixes the format string vulnerability in the msgout function.
For SGI IRIX version 6.5, update to a version that fixes the format string vulnerability in the msgout function.
Exploit
Fix
RCE
Use of Externally-Controlled Format String
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aix
Hp-Ux
Irix
Hp Nfs/Oncplus
Vios