VYPR
← All advisories
Unrated severityNVD Advisory· Published Jul 1, 1999· Updated Apr 16, 2026

CVE-1999-0696

CVE-1999-0696

Description

A buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd) allows remote root compromise on affected Solaris and HP-UX systems.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd) allows remote root compromise on affected Solaris and HP-UX systems.

Vulnerability

A buffer overflow vulnerability exists in the rpc.cmsd service, which is part of the CDE Calendar Manager. This vulnerability is present in Sun's Solaris and HP-UX operating systems, specifically versions 10.20, 10.30, and 11.0 [1].

Exploitation

An attacker can exploit this vulnerability remotely. The exploit involves sending specially crafted data to the rpc.cmsd service, triggering the buffer overflow. No specific authentication or user interaction is mentioned as required for exploitation, suggesting it is accessible over the network [1].

Impact

Successful exploitation of this buffer overflow vulnerability leads to a remote root compromise. This means an attacker can gain complete administrative control over the affected system [1].

Mitigation

Information regarding a fixed version or patch for this vulnerability is not available in the provided references. Users are advised to check vendor advisories for potential workarounds or updates. The affected systems are older, and users should consider upgrading to supported versions if possible [1].

References
  1. Caldera OpenUnix 8.0/UnixWare 7.1.1 / HP HP-UX 11.0 / Solaris 7.0 / SunOS 4.1.4 - rpc.cmsd Buffer Overflow (1)

AI Insight generated on Jun 2, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

10
  • Microfocus/Hpux2 versions
    cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*
    • cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
  • Sun Corporation/Solaris2 versions
    cpe:2.3:o:sun:solaris:2.5:*:x86:*:*:*:*:*+ 1 more
    • cpe:2.3:o:sun:solaris:2.5:*:x86:*:*:*:*:*
    • cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*
  • Sun Corporation/Sunos5 versions
    cpe:2.3:o:sun:sunos:4.1.3:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:o:sun:sunos:4.1.3:*:*:*:*:*:*:*
    • cpe:2.3:o:sun:sunos:5.3:*:*:*:*:*:*:*
    • cpe:2.3:o:sun:sunos:5.4:*:*:*:*:*:*:*
    • cpe:2.3:o:sun:sunos:5.5:*:*:*:*:*:*:*
    • cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*
  • Sun Corporation/CDE Calendar Manager Service Daemon (rpc.cmsd)llm-create

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"The rpc.cmsd service daemon is vulnerable to a buffer overflow when handling calendar entries."

Attack vector

An attacker can trigger a remotely exploitable buffer overflow in the rpc.cmsd service by sending a specially crafted request. This request can lead to a remote root compromise on affected systems [ref_id=1]. The vulnerability is present in versions of Sun's Solaris and HP-UX operating systems [ref_id=1].

Affected code

The vulnerability lies within the rpc.cmsd service daemon, which is responsible for managing calendar entries. The exploit code targets the `CMSD_CREATE` and `CMSD_INSERT` functions, indicating that the buffer overflow occurs during the creation or insertion of calendar data [ref_id=1].

What the fix does

The provided bundle does not contain a patch or specific details on how the vulnerability is fixed. Remediation guidance would typically involve updating the affected software to a patched version or disabling the vulnerable service if it is not required.

Preconditions

  • networkThe target system must be reachable over the network.
  • inputThe attacker must be able to send a malformed RPC request to the rpc.cmsd service.

Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3

News mentions

0

No linked articles in our index yet.