cvelistv5 - cve-2010-4435

CVE-2010-4435 (GCVE-0-2010-4435)

Vulnerability from cvelistv5 – Published: 2011-01-19 16:00 – Updated: 2024-08-07 03:43

Summary

Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10.

Severity ?

No CVSS data available.

CWE

Assigner

oracle

References

URL

Tags

	http://secunia.com/advisories/43258	third-party-advisoryx_refsource_SECUNIA
	http://aix.software.ibm.com/aix/efixes/security/c…	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	http://www.vupen.com/english/advisories/2011/0352	vdb-entryx_refsource_VUPEN
	http://osvdb.org/70569	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/archive/1/516304/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/42984	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/516284/100…	mailing-listx_refsource_BUGTRAQ
	http://www.exploit-db.com/exploits/16137	exploitx_refsource_EXPLOIT-DB
	http://securityreason.com/securityalert/8069	third-party-advisoryx_refsource_SREASON
	http://www.zerodayinitiative.com/advisories/ZDI-11-062/	x_refsource_MISC
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	http://www.securitytracker.com/id?1024975	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2011/0151	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/45853	vdb-entryx_refsource_BID
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securityfocus.com/bid/46261	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:43:14.937Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "43258",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43258"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc"
          },
          {
            "name": "solaris-cde-code-execution(64797)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64797"
          },
          {
            "name": "HPSBUX02628",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395"
          },
          {
            "name": "ADV-2011-0352",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0352"
          },
          {
            "name": "70569",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/70569"
          },
          {
            "name": "20110208 CVE-2010-4435 - Multiple Vendor Calendar Manager Remote Code Execution",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516304/100/0/threaded"
          },
          {
            "name": "42984",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42984"
          },
          {
            "name": "20110208 ZDI-11-062: Multiple Vendor Calendar Manager RPC Service Remote Code Execution Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516284/100/0/threaded"
          },
          {
            "name": "16137",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/16137"
          },
          {
            "name": "8069",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8069"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-062/"
          },
          {
            "name": "SSRT090183",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395"
          },
          {
            "name": "1024975",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024975"
          },
          {
            "name": "ADV-2011-0151",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0151"
          },
          {
            "name": "45853",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/45853"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
          },
          {
            "name": "oval:org.mitre.oval:def:12794",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12794"
          },
          {
            "name": "46261",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46261"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-01-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC.  NOTE: the previous information was obtained from the January 2011 CPU.  Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "43258",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43258"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc"
        },
        {
          "name": "solaris-cde-code-execution(64797)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64797"
        },
        {
          "name": "HPSBUX02628",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395"
        },
        {
          "name": "ADV-2011-0352",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0352"
        },
        {
          "name": "70569",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/70569"
        },
        {
          "name": "20110208 CVE-2010-4435 - Multiple Vendor Calendar Manager Remote Code Execution",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516304/100/0/threaded"
        },
        {
          "name": "42984",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42984"
        },
        {
          "name": "20110208 ZDI-11-062: Multiple Vendor Calendar Manager RPC Service Remote Code Execution Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516284/100/0/threaded"
        },
        {
          "name": "16137",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/16137"
        },
        {
          "name": "8069",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8069"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-062/"
        },
        {
          "name": "SSRT090183",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395"
        },
        {
          "name": "1024975",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024975"
        },
        {
          "name": "ADV-2011-0151",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0151"
        },
        {
          "name": "45853",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/45853"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
        },
        {
          "name": "oval:org.mitre.oval:def:12794",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12794"
        },
        {
          "name": "46261",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46261"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2010-4435",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC.  NOTE: the previous information was obtained from the January 2011 CPU.  Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "43258",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43258"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc",
              "refsource": "MISC",
              "url": "http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc"
            },
            {
              "name": "solaris-cde-code-execution(64797)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64797"
            },
            {
              "name": "HPSBUX02628",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395"
            },
            {
              "name": "ADV-2011-0352",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0352"
            },
            {
              "name": "70569",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/70569"
            },
            {
              "name": "20110208 CVE-2010-4435 - Multiple Vendor Calendar Manager Remote Code Execution",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/516304/100/0/threaded"
            },
            {
              "name": "42984",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42984"
            },
            {
              "name": "20110208 ZDI-11-062: Multiple Vendor Calendar Manager RPC Service Remote Code Execution Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/516284/100/0/threaded"
            },
            {
              "name": "16137",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/16137"
            },
            {
              "name": "8069",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8069"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-062/",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-062/"
            },
            {
              "name": "SSRT090183",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395"
            },
            {
              "name": "1024975",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024975"
            },
            {
              "name": "ADV-2011-0151",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0151"
            },
            {
              "name": "45853",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/45853"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
            },
            {
              "name": "oval:org.mitre.oval:def:12794",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12794"
            },
            {
              "name": "46261",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/46261"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2010-4435",
    "datePublished": "2011-01-19T16:00:00",
    "dateReserved": "2010-12-06T00:00:00",
    "dateUpdated": "2024-08-07T03:43:14.937Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2475113-CFE4-41C8-A86F-F2DA6548D224\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1E585DC-FC74-4BB0-96B7-C00B6DB610DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E75493D0-F060-4CBA-8AB0-C4FE8B2A8C9B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC.  NOTE: the previous information was obtained from the January 2011 CPU.  Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad no especificada en Solaris de Oracle versiones 8, 9 y 10, permite a los atacantes remotos afectar la confidencialidad, integridad y disponibilidad, relacionadas con CDE Calendar Manager Service Daemon and RPC. NOTA: la informaci\\u00f3n anterior fue obtenida de la CPU de enero de 2011. Oracle no ha comentado sobre las afirmaciones de otros proveedores de software que esto afecta a otros sistemas operativos, como HP-UX, o las afirmaciones de un tercero confiable de que se trata de un desbordamiento de b\\u00fafer en el archivo rpc.cmsd por medio de cadenas ASCII largas codificadas en XDR en la llamada RPC 10.\"}]",
      "id": "CVE-2010-4435",
      "lastModified": "2024-11-21T01:20:56.620",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2011-01-19T17:00:02.123",
      "references": "[{\"url\": \"http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://osvdb.org/70569\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://secunia.com/advisories/42984\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/43258\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/8069\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www.exploit-db.com/exploits/16137\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/516284/100/0/threaded\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/516304/100/0/threaded\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www.securityfocus.com/bid/45853\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www.securityfocus.com/bid/46261\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www.securitytracker.com/id?1024975\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0151\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0352\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-11-062/\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/64797\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12794\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/70569\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/42984\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/43258\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/8069\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.exploit-db.com/exploits/16137\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/516284/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/516304/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/45853\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/46261\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1024975\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0151\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0352\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-11-062/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/64797\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12794\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert_us@oracle.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-4435\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2011-01-19T17:00:02.123\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC.  NOTE: the previous information was obtained from the January 2011 CPU.  Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad no especificada en Solaris de Oracle versiones 8, 9 y 10, permite a los atacantes remotos afectar la confidencialidad, integridad y disponibilidad, relacionadas con CDE Calendar Manager Service Daemon and RPC. NOTA: la informaci\u00f3n anterior fue obtenida de la CPU de enero de 2011. Oracle no ha comentado sobre las afirmaciones de otros proveedores de software que esto afecta a otros sistemas operativos, como HP-UX, o las afirmaciones de un tercero confiable de que se trata de un desbordamiento de b\u00fafer en el archivo rpc.cmsd por medio de cadenas ASCII largas codificadas en XDR en la llamada RPC 10.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2475113-CFE4-41C8-A86F-F2DA6548D224\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1E585DC-FC74-4BB0-96B7-C00B6DB610DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E75493D0-F060-4CBA-8AB0-C4FE8B2A8C9B\"}]}]}],\"references\":[{\"url\":\"http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://osvdb.org/70569\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://secunia.com/advisories/42984\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/43258\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/8069\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.exploit-db.com/exploits/16137\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/516284/100/0/threaded\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/516304/100/0/threaded\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.securityfocus.com/bid/45853\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.securityfocus.com/bid/46261\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.securitytracker.com/id?1024975\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0151\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0352\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-11-062/\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/64797\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12794\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/70569\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/42984\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/43258\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/8069\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.exploit-db.com/exploits/16137\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/516284/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/516304/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/45853\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/46261\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1024975\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0151\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0352\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-11-062/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/64797\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12794\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-WXFQ-R6W9-2MG2

Vulnerability from github – Published: 2022-05-14 02:42 – Updated: 2025-04-11 03:43

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-4435"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-01-19T17:00:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC.  NOTE: the previous information was obtained from the January 2011 CPU.  Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10.",
  "id": "GHSA-wxfq-r6w9-2mg2",
  "modified": "2025-04-11T03:43:13Z",
  "published": "2022-05-14T02:42:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4435"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64797"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12794"
    },
    {
      "type": "WEB",
      "url": "http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc"
    },
    {
      "type": "WEB",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/70569"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42984"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43258"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/8069"
    },
    {
      "type": "WEB",
      "url": "http://www.exploit-db.com/exploits/16137"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/516284/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/516304/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/45853"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/46261"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1024975"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0151"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0352"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-062"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2011-AVI-022

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités présentes dans les produits Oracle permettent à un utilisateur malveillant de contourner la politique de sécurité.

Description

De multiples vulnérabilités ont été corrigées dans les produits Oracle tels que Oracle Database, Oracle Application Server ou Oracle Open Office. Certaines de ces vulnérabilités peuvent être exploitées par un utilisateur malveillant distant pour contourner la politique de sécurité ou encore porter atteinte à l'intégrité et/ou la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	N/A	Oracle BI Publisher, versions 10.1.3.3.2, 10.1.3.4.0, 10.1.3.4.1, 11.1.1.3 ;
Oracle	N/A	Oracle Transportation Manager, versions 5.5, 6.0, 6.1, 6.2 ;
Oracle	N/A	Oracle Sun Product Suite ;
Oracle	N/A	Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3 ;
Oracle	N/A	Oracle Document Capture, versions 10.1.3.4, 10.1.3.5 ;
Oracle	N/A	Oracle Application Server 10g Release 2, version 10.1.2.3.0 ;
Oracle	N/A	Oracle Enterprise Manager Real User Experience Insight, version RUEI 6.0 ;
Oracle	N/A	Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5 ;
Oracle	N/A	Oracle JRockit versions, R27.6.7 et antérieures (JDK/JRE 1.4.2, 5, 6), R28.0.1 et antérieures (JDK/JRE 5, 6) ;
Oracle	N/A	Oracle E-Business Suite Release 11i, version 11.5.10.2 ;
Oracle	PeopleSoft	Oracle PeopleSoft Enterprise CRM, versions 8.9, 9.0, 9.1 ;
Oracle	N/A	Oracle Audit Vault 10g Release 2, version 10.2.3.2 ;
Oracle	N/A	Oracle Argus Safety, versions 5.0, 5.0.1, 5.0.2, 5.0.3 ;
Oracle	N/A	Oracle Database 10g Release 1, version 10.1.0.5 ;
Oracle	N/A	Oracle Outside In Technology, version 8.3.0 ;
Oracle	PeopleSoft	Oracle PeopleSoft Enterprise PeopleTools, versions 8.49, 8.50, 8.51 ;
Oracle	N/A	Oracle InForm Portal, versions 4.5, 4.6, 5.0 ;
Oracle	Weblogic	Oracle WebLogic Server, versions 7.0.7, 8.1.6, 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2, 10.3.3 ;
Oracle	N/A	Oracle Agile Core, versions 9.3.0.2, 9.3.1 ;
Oracle	N/A	Oracle Database 11g Release 1, version 11.1.0.7 ;
Oracle	N/A	Oracle Open Office, version 3.2.1 and StarOffice/StarSuite, versions 7, 8.
Oracle	N/A	Oracle Database 11g Release 2, version 11.2.0.1 ;
Oracle	N/A	Oracle Enterprise Manager Suite Release 10, version 10.2.0.5 ;
Oracle	N/A	Oracle GoldenGate Veridata, version 3.0.0.4 ;
Oracle	N/A	Oracle Beehive, versions 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, 2.0.1.3 ;
Oracle	N/A	Oracle Fusion Middleware, 11g Release 1, versions 11.1.1.2.0, 11.1.1.3.0 ;
Oracle	PeopleSoft	Oracle PeopleSoft Enterprise HRMS, versions 8.9, 9.0, 9.1 ;
Oracle	N/A	Oracle Secure Backup 10g Release 3, version 10.3.0.2 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle de janvier 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle BI Publisher, versions 10.1.3.3.2, 10.1.3.4.0, 10.1.3.4.1, 11.1.1.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Transportation Manager, versions 5.5, 6.0, 6.1, 6.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Sun Product Suite ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Document Capture, versions 10.1.3.4, 10.1.3.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Application Server 10g Release 2, version 10.1.2.3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Enterprise Manager Real User Experience Insight, version RUEI 6.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle JRockit versions, R27.6.7 et ant\u00e9rieures (JDK/JRE 1.4.2, 5, 6), R28.0.1 et ant\u00e9rieures (JDK/JRE 5, 6) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle E-Business Suite Release 11i, version 11.5.10.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle PeopleSoft Enterprise CRM, versions 8.9, 9.0, 9.1 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Audit Vault 10g Release 2, version 10.2.3.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Argus Safety, versions 5.0, 5.0.1, 5.0.2, 5.0.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 10g Release 1, version 10.1.0.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Outside In Technology, version 8.3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle PeopleSoft Enterprise PeopleTools, versions 8.49, 8.50, 8.51 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle InForm Portal, versions 4.5, 4.6, 5.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebLogic Server, versions 7.0.7, 8.1.6, 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2, 10.3.3 ;",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Agile Core, versions 9.3.0.2, 9.3.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 11g Release 1, version 11.1.0.7 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Open Office, version 3.2.1 and StarOffice/StarSuite, versions 7, 8.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 11g Release 2, version 11.2.0.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Enterprise Manager Suite Release 10, version 10.2.0.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle GoldenGate Veridata, version 3.0.0.4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Beehive, versions 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, 2.0.1.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Fusion Middleware, 11g Release 1, versions 11.1.1.2.0, 11.1.1.3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle PeopleSoft Enterprise HRMS, versions 8.9, 9.0, 9.1 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Secure Backup 10g Release 3, version 10.3.0.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits Oracle\ntels que Oracle Database, Oracle Application Server ou Oracle Open\nOffice. Certaines de ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es par un\nutilisateur malveillant distant pour contourner la politique de s\u00e9curit\u00e9\nou encore porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 et/ou la confidentialit\u00e9 des\ndonn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-4429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4429"
    },
    {
      "name": "CVE-2010-4415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4415"
    },
    {
      "name": "CVE-2010-4438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4438"
    },
    {
      "name": "CVE-2010-3586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3586"
    },
    {
      "name": "CVE-2010-3593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3593"
    },
    {
      "name": "CVE-2010-4439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4439"
    },
    {
      "name": "CVE-2010-4421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4421"
    },
    {
      "name": "CVE-2010-4453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4453"
    },
    {
      "name": "CVE-2010-4433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4433"
    },
    {
      "name": "CVE-2010-4419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4419"
    },
    {
      "name": "CVE-2010-4464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4464"
    },
    {
      "name": "CVE-2010-4457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4457"
    },
    {
      "name": "CVE-2010-4432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4432"
    },
    {
      "name": "CVE-2010-4460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4460"
    },
    {
      "name": "CVE-2010-3590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3590"
    },
    {
      "name": "CVE-2010-4416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4416"
    },
    {
      "name": "CVE-2010-4414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4414"
    },
    {
      "name": "CVE-2010-4420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4420"
    },
    {
      "name": "CVE-2010-3592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3592"
    },
    {
      "name": "CVE-2010-3600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3600"
    },
    {
      "name": "CVE-2010-4418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4418"
    },
    {
      "name": "CVE-2010-4456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4456"
    },
    {
      "name": "CVE-2010-4441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4441"
    },
    {
      "name": "CVE-2010-4440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4440"
    },
    {
      "name": "CVE-2010-4436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4436"
    },
    {
      "name": "CVE-2010-4443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4443"
    },
    {
      "name": "CVE-2010-4434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4434"
    },
    {
      "name": "CVE-2010-4437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4437"
    },
    {
      "name": "CVE-2009-4269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4269"
    },
    {
      "name": "CVE-2010-2936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2936"
    },
    {
      "name": "CVE-2010-3588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3588"
    },
    {
      "name": "CVE-2010-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3510"
    },
    {
      "name": "CVE-2010-4428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4428"
    },
    {
      "name": "CVE-2010-4446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4446"
    },
    {
      "name": "CVE-2010-4459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4459"
    },
    {
      "name": "CVE-2010-4426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4426"
    },
    {
      "name": "CVE-2010-2632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2632"
    },
    {
      "name": "CVE-2010-4461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4461"
    },
    {
      "name": "CVE-2010-3597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3597"
    },
    {
      "name": "CVE-2010-3587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3587"
    },
    {
      "name": "CVE-2010-4442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4442"
    },
    {
      "name": "CVE-2010-3599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3599"
    },
    {
      "name": "CVE-2010-4413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4413"
    },
    {
      "name": "CVE-2010-3505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3505"
    },
    {
      "name": "CVE-2010-3594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3594"
    },
    {
      "name": "CVE-2010-4449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4449"
    },
    {
      "name": "CVE-2010-3598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3598"
    },
    {
      "name": "CVE-2010-4445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4445"
    },
    {
      "name": "CVE-2010-4458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4458"
    },
    {
      "name": "CVE-2010-4417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4417"
    },
    {
      "name": "CVE-2010-3596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3596"
    },
    {
      "name": "CVE-2010-4444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4444"
    },
    {
      "name": "CVE-2010-4425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4425"
    },
    {
      "name": "CVE-2010-3591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3591"
    },
    {
      "name": "CVE-2010-4423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4423"
    },
    {
      "name": "CVE-2010-4431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4431"
    },
    {
      "name": "CVE-2010-4427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4427"
    },
    {
      "name": "CVE-2010-4435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4435"
    },
    {
      "name": "CVE-2010-3574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3574"
    },
    {
      "name": "CVE-2010-4424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4424"
    },
    {
      "name": "CVE-2010-2935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2935"
    },
    {
      "name": "CVE-2010-4430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4430"
    },
    {
      "name": "CVE-2010-1227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1227"
    },
    {
      "name": "CVE-2010-3595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3595"
    },
    {
      "name": "CVE-2010-3589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3589"
    },
    {
      "name": "CVE-2010-4455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4455"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-022",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-01-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits Oracle\npermettent \u00e0 un utilisateur malveillant de contourner la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Oracle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle de janvier 2011",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
    }
  ]
}

CERTA-2011-AVI-022

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités présentes dans les produits Oracle permettent à un utilisateur malveillant de contourner la politique de sécurité.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	N/A	Oracle BI Publisher, versions 10.1.3.3.2, 10.1.3.4.0, 10.1.3.4.1, 11.1.1.3 ;
Oracle	N/A	Oracle Transportation Manager, versions 5.5, 6.0, 6.1, 6.2 ;
Oracle	N/A	Oracle Sun Product Suite ;
Oracle	N/A	Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3 ;
Oracle	N/A	Oracle Document Capture, versions 10.1.3.4, 10.1.3.5 ;
Oracle	N/A	Oracle Application Server 10g Release 2, version 10.1.2.3.0 ;
Oracle	N/A	Oracle Enterprise Manager Real User Experience Insight, version RUEI 6.0 ;
Oracle	N/A	Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5 ;
Oracle	N/A	Oracle JRockit versions, R27.6.7 et antérieures (JDK/JRE 1.4.2, 5, 6), R28.0.1 et antérieures (JDK/JRE 5, 6) ;
Oracle	N/A	Oracle E-Business Suite Release 11i, version 11.5.10.2 ;
Oracle	PeopleSoft	Oracle PeopleSoft Enterprise CRM, versions 8.9, 9.0, 9.1 ;
Oracle	N/A	Oracle Audit Vault 10g Release 2, version 10.2.3.2 ;
Oracle	N/A	Oracle Argus Safety, versions 5.0, 5.0.1, 5.0.2, 5.0.3 ;
Oracle	N/A	Oracle Database 10g Release 1, version 10.1.0.5 ;
Oracle	N/A	Oracle Outside In Technology, version 8.3.0 ;
Oracle	PeopleSoft	Oracle PeopleSoft Enterprise PeopleTools, versions 8.49, 8.50, 8.51 ;
Oracle	N/A	Oracle InForm Portal, versions 4.5, 4.6, 5.0 ;
Oracle	Weblogic	Oracle WebLogic Server, versions 7.0.7, 8.1.6, 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2, 10.3.3 ;
Oracle	N/A	Oracle Agile Core, versions 9.3.0.2, 9.3.1 ;
Oracle	N/A	Oracle Database 11g Release 1, version 11.1.0.7 ;
Oracle	N/A	Oracle Open Office, version 3.2.1 and StarOffice/StarSuite, versions 7, 8.
Oracle	N/A	Oracle Database 11g Release 2, version 11.2.0.1 ;
Oracle	N/A	Oracle Enterprise Manager Suite Release 10, version 10.2.0.5 ;
Oracle	N/A	Oracle GoldenGate Veridata, version 3.0.0.4 ;
Oracle	N/A	Oracle Beehive, versions 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, 2.0.1.3 ;
Oracle	N/A	Oracle Fusion Middleware, 11g Release 1, versions 11.1.1.2.0, 11.1.1.3.0 ;
Oracle	PeopleSoft	Oracle PeopleSoft Enterprise HRMS, versions 8.9, 9.0, 9.1 ;
Oracle	N/A	Oracle Secure Backup 10g Release 3, version 10.3.0.2 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle de janvier 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle BI Publisher, versions 10.1.3.3.2, 10.1.3.4.0, 10.1.3.4.1, 11.1.1.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Transportation Manager, versions 5.5, 6.0, 6.1, 6.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Sun Product Suite ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Document Capture, versions 10.1.3.4, 10.1.3.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Application Server 10g Release 2, version 10.1.2.3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Enterprise Manager Real User Experience Insight, version RUEI 6.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle JRockit versions, R27.6.7 et ant\u00e9rieures (JDK/JRE 1.4.2, 5, 6), R28.0.1 et ant\u00e9rieures (JDK/JRE 5, 6) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle E-Business Suite Release 11i, version 11.5.10.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle PeopleSoft Enterprise CRM, versions 8.9, 9.0, 9.1 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Audit Vault 10g Release 2, version 10.2.3.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Argus Safety, versions 5.0, 5.0.1, 5.0.2, 5.0.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 10g Release 1, version 10.1.0.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Outside In Technology, version 8.3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle PeopleSoft Enterprise PeopleTools, versions 8.49, 8.50, 8.51 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle InForm Portal, versions 4.5, 4.6, 5.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebLogic Server, versions 7.0.7, 8.1.6, 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2, 10.3.3 ;",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Agile Core, versions 9.3.0.2, 9.3.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 11g Release 1, version 11.1.0.7 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Open Office, version 3.2.1 and StarOffice/StarSuite, versions 7, 8.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 11g Release 2, version 11.2.0.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Enterprise Manager Suite Release 10, version 10.2.0.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle GoldenGate Veridata, version 3.0.0.4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Beehive, versions 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, 2.0.1.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Fusion Middleware, 11g Release 1, versions 11.1.1.2.0, 11.1.1.3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle PeopleSoft Enterprise HRMS, versions 8.9, 9.0, 9.1 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Secure Backup 10g Release 3, version 10.3.0.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits Oracle\ntels que Oracle Database, Oracle Application Server ou Oracle Open\nOffice. Certaines de ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es par un\nutilisateur malveillant distant pour contourner la politique de s\u00e9curit\u00e9\nou encore porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 et/ou la confidentialit\u00e9 des\ndonn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-4429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4429"
    },
    {
      "name": "CVE-2010-4415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4415"
    },
    {
      "name": "CVE-2010-4438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4438"
    },
    {
      "name": "CVE-2010-3586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3586"
    },
    {
      "name": "CVE-2010-3593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3593"
    },
    {
      "name": "CVE-2010-4439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4439"
    },
    {
      "name": "CVE-2010-4421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4421"
    },
    {
      "name": "CVE-2010-4453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4453"
    },
    {
      "name": "CVE-2010-4433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4433"
    },
    {
      "name": "CVE-2010-4419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4419"
    },
    {
      "name": "CVE-2010-4464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4464"
    },
    {
      "name": "CVE-2010-4457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4457"
    },
    {
      "name": "CVE-2010-4432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4432"
    },
    {
      "name": "CVE-2010-4460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4460"
    },
    {
      "name": "CVE-2010-3590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3590"
    },
    {
      "name": "CVE-2010-4416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4416"
    },
    {
      "name": "CVE-2010-4414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4414"
    },
    {
      "name": "CVE-2010-4420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4420"
    },
    {
      "name": "CVE-2010-3592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3592"
    },
    {
      "name": "CVE-2010-3600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3600"
    },
    {
      "name": "CVE-2010-4418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4418"
    },
    {
      "name": "CVE-2010-4456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4456"
    },
    {
      "name": "CVE-2010-4441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4441"
    },
    {
      "name": "CVE-2010-4440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4440"
    },
    {
      "name": "CVE-2010-4436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4436"
    },
    {
      "name": "CVE-2010-4443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4443"
    },
    {
      "name": "CVE-2010-4434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4434"
    },
    {
      "name": "CVE-2010-4437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4437"
    },
    {
      "name": "CVE-2009-4269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4269"
    },
    {
      "name": "CVE-2010-2936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2936"
    },
    {
      "name": "CVE-2010-3588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3588"
    },
    {
      "name": "CVE-2010-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3510"
    },
    {
      "name": "CVE-2010-4428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4428"
    },
    {
      "name": "CVE-2010-4446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4446"
    },
    {
      "name": "CVE-2010-4459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4459"
    },
    {
      "name": "CVE-2010-4426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4426"
    },
    {
      "name": "CVE-2010-2632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2632"
    },
    {
      "name": "CVE-2010-4461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4461"
    },
    {
      "name": "CVE-2010-3597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3597"
    },
    {
      "name": "CVE-2010-3587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3587"
    },
    {
      "name": "CVE-2010-4442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4442"
    },
    {
      "name": "CVE-2010-3599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3599"
    },
    {
      "name": "CVE-2010-4413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4413"
    },
    {
      "name": "CVE-2010-3505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3505"
    },
    {
      "name": "CVE-2010-3594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3594"
    },
    {
      "name": "CVE-2010-4449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4449"
    },
    {
      "name": "CVE-2010-3598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3598"
    },
    {
      "name": "CVE-2010-4445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4445"
    },
    {
      "name": "CVE-2010-4458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4458"
    },
    {
      "name": "CVE-2010-4417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4417"
    },
    {
      "name": "CVE-2010-3596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3596"
    },
    {
      "name": "CVE-2010-4444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4444"
    },
    {
      "name": "CVE-2010-4425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4425"
    },
    {
      "name": "CVE-2010-3591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3591"
    },
    {
      "name": "CVE-2010-4423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4423"
    },
    {
      "name": "CVE-2010-4431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4431"
    },
    {
      "name": "CVE-2010-4427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4427"
    },
    {
      "name": "CVE-2010-4435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4435"
    },
    {
      "name": "CVE-2010-3574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3574"
    },
    {
      "name": "CVE-2010-4424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4424"
    },
    {
      "name": "CVE-2010-2935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2935"
    },
    {
      "name": "CVE-2010-4430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4430"
    },
    {
      "name": "CVE-2010-1227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1227"
    },
    {
      "name": "CVE-2010-3595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3595"
    },
    {
      "name": "CVE-2010-3589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3589"
    },
    {
      "name": "CVE-2010-4455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4455"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-022",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-01-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits Oracle\npermettent \u00e0 un utilisateur malveillant de contourner la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Oracle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle de janvier 2011",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
    }
  ]
}

FKIE_CVE-2010-4435

Vulnerability from fkie_nvd - Published: 2011-01-19 17:00 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert_us@oracle.com	http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc
secalert_us@oracle.com	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395
secalert_us@oracle.com	http://osvdb.org/70569
secalert_us@oracle.com	http://secunia.com/advisories/42984	Vendor Advisory
secalert_us@oracle.com	http://secunia.com/advisories/43258	Vendor Advisory
secalert_us@oracle.com	http://securityreason.com/securityalert/8069
secalert_us@oracle.com	http://www.exploit-db.com/exploits/16137	Exploit
secalert_us@oracle.com	http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html	Vendor Advisory
secalert_us@oracle.com	http://www.securityfocus.com/archive/1/516284/100/0/threaded
secalert_us@oracle.com	http://www.securityfocus.com/archive/1/516304/100/0/threaded
secalert_us@oracle.com	http://www.securityfocus.com/bid/45853
secalert_us@oracle.com	http://www.securityfocus.com/bid/46261
secalert_us@oracle.com	http://www.securitytracker.com/id?1024975
secalert_us@oracle.com	http://www.vupen.com/english/advisories/2011/0151	Vendor Advisory
secalert_us@oracle.com	http://www.vupen.com/english/advisories/2011/0352	Vendor Advisory
secalert_us@oracle.com	http://www.zerodayinitiative.com/advisories/ZDI-11-062/
secalert_us@oracle.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/64797
secalert_us@oracle.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12794
af854a3a-2127-422b-91ae-364da2661108	http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc
af854a3a-2127-422b-91ae-364da2661108	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/70569
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42984	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43258	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8069
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/16137	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/516284/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/516304/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/45853
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/46261
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1024975
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0151	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0352	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-11-062/
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/64797
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12794

Impacted products

Vendor	Product	Version
sun	sunos	5.8
sun	sunos	5.9
sun	sunos	5.10

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2475113-CFE4-41C8-A86F-F2DA6548D224",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1E585DC-FC74-4BB0-96B7-C00B6DB610DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E75493D0-F060-4CBA-8AB0-C4FE8B2A8C9B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC.  NOTE: the previous information was obtained from the January 2011 CPU.  Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad no especificada en Solaris de Oracle versiones 8, 9 y 10, permite a los atacantes remotos afectar la confidencialidad, integridad y disponibilidad, relacionadas con CDE Calendar Manager Service Daemon and RPC. NOTA: la informaci\u00f3n anterior fue obtenida de la CPU de enero de 2011. Oracle no ha comentado sobre las afirmaciones de otros proveedores de software que esto afecta a otros sistemas operativos, como HP-UX, o las afirmaciones de un tercero confiable de que se trata de un desbordamiento de b\u00fafer en el archivo rpc.cmsd por medio de cadenas ASCII largas codificadas en XDR en la llamada RPC 10."
    }
  ],
  "id": "CVE-2010-4435",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-01-19T17:00:02.123",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "url": "http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://osvdb.org/70569"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42984"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43258"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://securityreason.com/securityalert/8069"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/16137"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.securityfocus.com/archive/1/516284/100/0/threaded"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.securityfocus.com/archive/1/516304/100/0/threaded"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.securityfocus.com/bid/45853"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.securityfocus.com/bid/46261"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.securitytracker.com/id?1024975"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0151"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0352"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-062/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64797"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12794"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/70569"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42984"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43258"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/16137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/516284/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/516304/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/45853"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/46261"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1024975"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-062/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64797"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12794"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2010-4435

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-4435

Aliases

CVE-2010-4435

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-4435",
    "description": "Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC.  NOTE: the previous information was obtained from the January 2011 CPU.  Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10.",
    "id": "GSD-2010-4435",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2010-4435"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-4435"
      ],
      "details": "Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC.  NOTE: the previous information was obtained from the January 2011 CPU.  Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10.",
      "id": "GSD-2010-4435",
      "modified": "2023-12-13T01:21:30.365109Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert_us@oracle.com",
        "ID": "CVE-2010-4435",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC.  NOTE: the previous information was obtained from the January 2011 CPU.  Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "43258",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/43258"
          },
          {
            "name": "http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc",
            "refsource": "MISC",
            "url": "http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc"
          },
          {
            "name": "solaris-cde-code-execution(64797)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64797"
          },
          {
            "name": "HPSBUX02628",
            "refsource": "HP",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395"
          },
          {
            "name": "ADV-2011-0352",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0352"
          },
          {
            "name": "70569",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/70569"
          },
          {
            "name": "20110208 CVE-2010-4435 - Multiple Vendor Calendar Manager Remote Code Execution",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/516304/100/0/threaded"
          },
          {
            "name": "42984",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/42984"
          },
          {
            "name": "20110208 ZDI-11-062: Multiple Vendor Calendar Manager RPC Service Remote Code Execution Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/516284/100/0/threaded"
          },
          {
            "name": "16137",
            "refsource": "EXPLOIT-DB",
            "url": "http://www.exploit-db.com/exploits/16137"
          },
          {
            "name": "8069",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/8069"
          },
          {
            "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-062/",
            "refsource": "MISC",
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-062/"
          },
          {
            "name": "SSRT090183",
            "refsource": "HP",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395"
          },
          {
            "name": "1024975",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1024975"
          },
          {
            "name": "ADV-2011-0151",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0151"
          },
          {
            "name": "45853",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/45853"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
          },
          {
            "name": "oval:org.mitre.oval:def:12794",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12794"
          },
          {
            "name": "46261",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/46261"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2010-4435"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC.  NOTE: the previous information was obtained from the January 2011 CPU.  Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
            },
            {
              "name": "45853",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/45853"
            },
            {
              "name": "70569",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/70569"
            },
            {
              "name": "1024975",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1024975"
            },
            {
              "name": "42984",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/42984"
            },
            {
              "name": "ADV-2011-0151",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0151"
            },
            {
              "name": "16137",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.exploit-db.com/exploits/16137"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc",
              "refsource": "MISC",
              "tags": [],
              "url": "http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc"
            },
            {
              "name": "HPSBUX02628",
              "refsource": "HP",
              "tags": [],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395"
            },
            {
              "name": "43258",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/43258"
            },
            {
              "name": "46261",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/46261"
            },
            {
              "name": "ADV-2011-0352",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0352"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-062/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-062/"
            },
            {
              "name": "8069",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/8069"
            },
            {
              "name": "solaris-cde-code-execution(64797)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64797"
            },
            {
              "name": "oval:org.mitre.oval:def:12794",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12794"
            },
            {
              "name": "20110208 CVE-2010-4435 - Multiple Vendor Calendar Manager Remote Code Execution",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/516304/100/0/threaded"
            },
            {
              "name": "20110208 ZDI-11-062: Multiple Vendor Calendar Manager RPC Service Remote Code Execution Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/516284/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-10T20:08Z",
      "publishedDate": "2011-01-19T17:00Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-4435 (GCVE-0-2010-4435)

GHSA-WXFQ-R6W9-2MG2

CERTA-2011-AVI-022

Description

Solution

CERTA-2011-AVI-022

Description

Solution

FKIE_CVE-2010-4435

GSD-2010-4435

Tags

Sightings

Nomenclature