CVE-2010-1039
First published: Thu May 20 2010(Updated: )
Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.
Credit: hp-security-alert@hp.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM AIX | =4.3.2 | |
| IBM AIX | =4.3 | |
| IBM AIX | =4 | |
| IBM AIX | =5.2.0.50 | |
| IBM AIX | =4.2.1 | |
| IBM AIX | =3.2.5 | |
| IBM AIX | <=5.3 | |
| IBM AIX | =3.2.4 | |
| IBM AIX | =4.1.4 | |
| IBM AIX | =4.2.1.12 | |
| IBM AIX | =4.2 | |
| IBM AIX | =4.1.5 | |
| IBM AIX | =1.2.1 | |
| IBM AIX | =4.3.0 | |
| IBM AIX | =430 | |
| IBM AIX | =5.2 | |
| IBM AIX | =5.2_l | |
| IBM AIX | =5.2.0.54 | |
| IBM AIX | =6.1 | |
| IBM AIX | =3.2.0 | |
| IBM AIX | =4.0 | |
| IBM AIX | =4.3.3 | |
| IBM AIX | =3.1 | |
| IBM AIX | =4.1.1 | |
| IBM AIX | =4.2.0 | |
| IBM AIX | =5.2.0 | |
| IBM AIX | =5.2.2 | |
| IBM AIX | =2.2.1 | |
| IBM AIX | =5.1.0.10 | |
| IBM AIX | =4.1.2 | |
| IBM AIX | =4.3.1 | |
| IBM AIX | =5.1l | |
| IBM AIX | =4.1 | |
| IBM AIX | =4.1.3 | |
| IBM AIX | =1.3 | |
| IBM AIX | =5.1 | |
| IBM AIX | =3.2 | |
| IBM Virtual I/O Server (VIOS) | =2.1 | |
| IBM Virtual I/O Server (VIOS) | <=1.5 | |
| IBM Virtual I/O Server (VIOS) | =1.4 | |
| SGI IRIX | =6.5 | |
| HP NFS/ONCplus | <=b.11.31_09 | |
| HPE HP-UX | =b.11.11 | |
| HPE HP-UX | =b.11.23 | |
| HPE HP-UX | =b.11.31 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/40248
- http://secunia.com/advisories/39835
- http://marc.info/?l=bugtraq&m=127428077629933&w=2
- http://www.ibm.com/support/docview.wss?uid=isg1IZ73599
- http://aix.software.ibm.com/aix/efixes/security/pcnfsd_advisory.asc
- http://www.checkpoint.com/defense/advisories/public/2010/cpai-13-May.html
- http://www.ibm.com/support/docview.wss?uid=isg1IZ75465
- http://www.ibm.com/support/docview.wss?uid=isg1IZ73590
- http://www.ibm.com/support/docview.wss?uid=isg1IZ75369
- http://secunia.com/advisories/39911
- http://www.ibm.com/support/docview.wss?uid=isg1IZ73681
- http://www.ibm.com/support/docview.wss?uid=isg1IZ73874
- http://securitytracker.com/id?1024016
- http://www.ibm.com/support/docview.wss?uid=isg1IZ75440
- http://www.ibm.com/support/docview.wss?uid=isg1IZ73757
- http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=5088
- http://www.vupen.com/english/advisories/2010/1213
- http://www.vupen.com/english/advisories/2010/1199
- http://osvdb.org/64729
- http://www.securitytracker.com/id?1023994
- http://www.vupen.com/english/advisories/2010/1212
- http://www.vupen.com/english/advisories/2010/1211
- https://exchange.xforce.ibmcloud.com/vulnerabilities/58718
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12103
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11986
- http://www.securityfocus.com/archive/1/511405/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2010-1039?
CVE-2010-1039 has a high severity due to its potential for remote code execution.
How do I fix CVE-2010-1039?
To mitigate CVE-2010-1039, update the affected systems to a patched version of IBM AIX or related software that resolves this vulnerability.
Which systems are affected by CVE-2010-1039?
CVE-2010-1039 affects IBM AIX, IBM VIOS, HP-UX, and SGI IRIX systems, particularly versions prior to the security updates.
Is CVE-2010-1039 a local or remote vulnerability?
CVE-2010-1039 is a remote vulnerability, allowing attackers to exploit the system over a network.
What types of attacks can CVE-2010-1039 facilitate?
CVE-2010-1039 can facilitate arbitrary code execution attacks, potentially allowing attackers to take control of the affected system.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/severity
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/ibm
- canonical/ibm aix
- version/ibm aix/4.3.2
- version/ibm aix/4.3
- version/ibm aix/4
- version/ibm aix/5.2.0.50
- version/ibm aix/4.2.1
- version/ibm aix/3.2.5
- version/ibm aix/5.3
- version/ibm aix/3.2.4
- version/ibm aix/4.1.4
- version/ibm aix/4.2.1.12
- version/ibm aix/4.2
- version/ibm aix/4.1.5
- version/ibm aix/1.2.1
- version/ibm aix/4.3.0
- version/ibm aix/430
- version/ibm aix/5.2
- version/ibm aix/5.2_l
- version/ibm aix/5.2.0.54
- version/ibm aix/6.1
- version/ibm aix/3.2.0
- version/ibm aix/4.0
- version/ibm aix/4.3.3
- version/ibm aix/3.1
- version/ibm aix/4.1.1
- version/ibm aix/4.2.0
- version/ibm aix/5.2.0
- version/ibm aix/5.2.2
- version/ibm aix/2.2.1
- version/ibm aix/5.1.0.10
- version/ibm aix/4.1.2
- version/ibm aix/4.3.1
- version/ibm aix/5.1l
- version/ibm aix/4.1
- version/ibm aix/4.1.3
- version/ibm aix/1.3
- version/ibm aix/5.1
- version/ibm aix/3.2
- canonical/ibm virtual i/o server (vios)
- version/ibm virtual i/o server (vios)/2.1
- version/ibm virtual i/o server (vios)/1.5
- version/ibm virtual i/o server (vios)/1.4
- vendor/sgi
- canonical/sgi irix
- version/sgi irix/6.5
- vendor/hp
- canonical/hp nfs/oncplus
- version/hp nfs/oncplus/b.11.31_09
- canonical/hpe hp-ux
- version/hpe hp-ux/b.11.11
- version/hpe hp-ux/b.11.23
- version/hpe hp-ux/b.11.31