CDE Calendar Manager Service Daemon Buffer Overflow

HIGH (10.0) No Patch (9666 days)

Threat Intelligence

⚠️ CRITICAL GAP - Exploits exist but no detection available
EPSS Score: 5.58% chance of exploitation (percentile: 90%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: Exploit-DB

What is it?

The CDE Calendar Manager Service Daemon is a software component used in older Unix systems to manage calendar-related tasks. The vulnerability allows an attacker to execute arbitrary code on the system by exploiting a buffer overflow in the rpc.cmsd service.

Am I affected?

You're affected if you use CDE Calendar Manager Service Daemon versions prior to 3.1u. Check with either of:

    find / -name "rpc.cmsd" 2>/dev/null
    grep -r "rpc.cmsd" /etc/*

Note: This is a legacy system, and most modern Unix systems have moved away from CDE. If you don't recognize the name, you're probably not affected.
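
The grep check above also matches entries that are present but commented out. The following added example (not part of the advisory) tells an enabled rpc.cmsd entry from a disabled one in an inetd.conf-style file; the function names, the /etc/inetd.conf location and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: is rpc.cmsd actually enabled, or only mentioned, in an
# inetd.conf-style file? Function names here are hypothetical.

# Print every non-comment line that launches rpc.cmsd.
# Returns 0 if at least one active entry exists, 1 otherwise.
cmsd_active_entries() {
    conf=$1
    [ -r "$conf" ] || return 1
    # Drop comment lines first; a plain grep would also match disabled entries.
    grep -v '^[[:space:]]*#' "$conf" | grep 'rpc\.cmsd'
}

# Print "enabled", "disabled" (present but commented out) or "absent".
cmsd_status() {
    if cmsd_active_entries "$1" >/dev/null 2>&1; then
        echo enabled
    elif [ -r "$1" ] && grep -q 'rpc\.cmsd' "$1"; then
        echo disabled
    else
        echo absent
    fi
}

# Write three constructed sample files into directory $1 for offline testing.
cmsd_write_samples() {
    cat > "$1/enabled.conf" <<'EOF'
# constructed sample, not taken from a real host
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
100068/2-5 dgram rpc/udp wait root /usr/dt/bin/rpc.cmsd rpc.cmsd
EOF
    cat > "$1/disabled.conf" <<'EOF'
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
#100068/2-5 dgram rpc/udp wait root /usr/dt/bin/rpc.cmsd rpc.cmsd
EOF
    cat > "$1/absent.conf" <<'EOF'
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
EOF
}

# Usage: sh check_cmsd.sh /etc/inetd.conf   (path is an assumption)
if [ $# -gt 0 ]; then cmsd_status "$1"; fi
```

A "disabled" result means the entry exists but inetd will not start the service from that file; the binary found by the find check can still be present on disk.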

Version info: Not specified in the advisory.

Affected Products

Sun Microsystems / CDE Calendar Manager Service Daemon

How to fix

Upgrade to CDE Calendar Manager Service Daemon version 3.1u or later.

For immediate mitigation:
- Restrict network access to your system (firewall it from the public internet)
- Audit service logs for suspicious activity patterns