DDIVRT-2009-28 Sun Solaris 10 rpc.cmsd Buffer Overflow and Denial of Service (CVE-2010-3509)
Severity: High
November 3, 2009
Digital Defense, Inc. Vulnerability Research Team
Credit: Alex Kaszczuk, Alan Chin, Jose R. Hernandez and r@b13$
The rpc.cmsd service contains an integer overflow that can allow a malicious unauthenticated user to
cause a denial of service or remotely execute arbitrary code with root privileges.
Sun has addressed this vulnerability in Sun bugID 6214701. The patch is available for download through
the Oracle October Critical Patch Update (CPU) released on 12 October, 2010.
Sun Solaris 10 (10/09 Download)
Vendor Name: Sun Microsystems
Vendor Website: http://www.sun.com/