Vulnerability in Hp Hp-ux

CVE-2010-1039

Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remot…

EPSS: 0.202 (97.1th percentile) — read the EPSS interpretation.

Affected products

Hp Hp-ux — versions b.11.23, b.11.11, b.11.31
Hp Nfs\/oncplus
Ibm Aix — versions 5.2.0.50, 4.1.1, 5.1l
Ibm Vios — versions 1.4, 2.1
Sgi Irix — versions 6.5
N/a — versions n/a

Weakness classification (CWE)

CWE-134 — Use of Externally-Controlled Format String

References

hp-security-alert@hp.com (x_refsource_OSVDB, vdb-entry)
hp-security-alert@hp.com (vendor-advisory, x_refsource_AIXAPAR)
hp-security-alert@hp.com (x_refsource_SECUNIA, third-party-advisory)
hp-security-alert@hp.com (x_refsource_CONFIRM)
hp-security-alert@hp.com (signature, x_refsource_OVAL, vdb-entry)
hp-security-alert@hp.com (Patch, vdb-entry, x_refsource_BID)
hp-security-alert@hp.com (vdb-entry, x_refsource_SECTRACK)
hp-security-alert@hp.com (vendor-advisory, x_refsource_AIXAPAR)
hp-security-alert@hp.com (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
hp-security-alert@hp.com (vendor-advisory, x_refsource_AIXAPAR)