HIGH · 10.0

CVE-2010-1039

Vulnerability Description

Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.

CVSS Score

10.0 HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Affected Products

Vendor  Product      Versions
Hp      Nfs/Oncplus  <= b.11.31_09
Hp      Hp-Ux        b.11.11
Ibm     Aix          <= 5.3
Ibm     Vios         <= 1.5
Sgi     Irix         6.5

Related Weaknesses (CWE)

References

FAQ

What is CVE-2010-1039?

CVE-2010-1039 is a vulnerability with a CVSS score of 10.0 (HIGH). Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and...

How severe is CVE-2010-1039?

CVE-2010-1039 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-1039?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Nfs/Oncplus, Hp Hp-Ux, Ibm Aix, Ibm Vios, Sgi Irix.