Signature Detail
Short Name |
RPC:SOL-CDE-CALENDAR-MGR |
|---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
RPC |
Keywords |
Oracle Solaris CDE Calendar Manager Service Daemon Remote Buffer Overflow |
Release Date |
2011/04/26 |
Update Number |
1909 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
RPC: Oracle Solaris CDE Calendar Manager Service Daemon Remote Buffer Overflow
This signature detects attempts to exploit a known flaw in Oracle Solaris CDE Calendar Manager Service Daemon. A successful attack would in arbitrary remote code execution with root privileges.
Extended Description
Oracle Solaris is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. This issue affects the CDE Calendar Manager Remote Procedure Call (RPC) service ('rpc.cmsd'). Remote attackers can exploit this issue to execute arbitrary code with superuser privileges, which can result in the complete compromise of affected computers. Failed exploit attempts will cause a denial-of-service condition. This vulnerability affects the following supported versions: 8, 9, 10
Affected Products
- Avaya CMS Server 15.0
- Avaya CMS Server 16.0
- Avaya CMS Server 16.1
- Avaya CMS Server 16.2
- Avaya Interactive Response 3.0
- Avaya Interactive Response 4.0
- Sun Solaris 10 Sparc
- Sun Solaris 10 X86
- Sun Solaris 8.1
- Sun Solaris 8.2
- Sun Solaris 8 Sparc
- Sun Solaris 8 X86
- Sun Solaris 9.1
- Sun Solaris 9 Sparc
- Sun Solaris 9 X86
- Sun Solaris 9 X86 Update 2
- Sun Solaris 9 X86 Update 5
References