CVE-2010-4435

SunOS - Buffer Overflow


Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4435. PoCs published by Rodrigo Rubira Branco.

AI-analyzed exploit summary: This exploit targets CVE-2010-4435, a vulnerability in the rpc.cmsd service on Solaris, AIX, and HP-UX. It sends maliciously crafted RPC requests to trigger a buffer overflow, potentially leading to remote code execution.

Description

Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10.

Exploits (1)

exploitdb WORKING POC
by Rodrigo Rubira Branco · c · remote · multiple
https://www.exploit-db.com/exploits/16137


Classification
Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: rpc.cmsd (Solaris, AIX, HP-UX)
No auth needed
Prerequisites: Network access to the target's rpc.cmsd service (UDP port 100068)
devstral-2 · analyzed Feb 18, 2026

References (18)

Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43258
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/64797
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0352
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/70569
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516304/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42984
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516284/100/0/threaded
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/16137
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8069
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-11-062/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1024975
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0151
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/45853
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12794
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46261

Scores

EPSS 0.1417
EPSS Percentile 96.1%

Details

Status published
Products (3)
sun/sunos 5.8
sun/sunos 5.9
sun/sunos 5.10
Published Jan 19, 2011
Tracked Since Feb 18, 2026