What is the severity of CVE-2010-2064?

CVE-2010-2064 is rated as a high severity vulnerability due to the potential for local privilege escalation.

How do I fix CVE-2010-2064?

To fix CVE-2010-2064, you should upgrade rpcbind to version 1.2.5-9 or higher.

Who is affected by CVE-2010-2064?

CVE-2010-2064 affects local users on systems running rpcbind version 0.2.0.

What type of attack does CVE-2010-2064 exploit?

CVE-2010-2064 exploits a symlink attack to allow local users to write to arbitrary files.

Is rpcbind 0.2.0 safe to use in production environments?

No, rpcbind 0.2.0 is not safe to use in production environments due to the risk presented by CVE-2010-2064.

Vulnerability/
CVE-2010-2064

high

7.1

CWE

27/5/2010

29/10/2019

7/8/2024

CVE-2010-2064

First published: Thu May 27 2010(Updated: )

rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
debian/rpcbind		1.2.5-9 1.2.6-6 1.2.6-8.1
Sun RPCBind	=0.2.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-2064?
CVE-2010-2064 is rated as a high severity vulnerability due to the potential for local privilege escalation.
How do I fix CVE-2010-2064?
To fix CVE-2010-2064, you should upgrade rpcbind to version 1.2.5-9 or higher.
Who is affected by CVE-2010-2064?
CVE-2010-2064 affects local users on systems running rpcbind version 0.2.0.
What type of attack does CVE-2010-2064 exploit?
CVE-2010-2064 exploits a symlink attack to allow local users to write to arbitrary files.
Is rpcbind 0.2.0 safe to use in production environments?
No, rpcbind 0.2.0 is not safe to use in production environments due to the risk presented by CVE-2010-2064.

collector/redhat-cve
agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
agent/author
agent/severity
agent/weakness
agent/references
agent/last-modified-date
agent/description
agent/event
agent/source
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
agent/softwarecombine
agent/tags
package-manager/debian
vendor/rpcbind project
canonical/sun rpcbind
version/sun rpcbind/0.2.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2010-2064?
CVE-2010-2064 is rated as a high severity vulnerability due to the potential for local privilege escalation.
How do I fix CVE-2010-2064?
To fix CVE-2010-2064, you should upgrade rpcbind to version 1.2.5-9 or higher.
Who is affected by CVE-2010-2064?
CVE-2010-2064 affects local users on systems running rpcbind version 0.2.0.
What type of attack does CVE-2010-2064 exploit?
CVE-2010-2064 exploits a symlink attack to allow local users to write to arbitrary files.
Is rpcbind 0.2.0 safe to use in production environments?
No, rpcbind 0.2.0 is not safe to use in production environments due to the risk presented by CVE-2010-2064.