PT-2009-5958 · Ibm · Ibm Aix+2

Rodrigo Rubira Branco · Published 2009-10-15 · Updated 2017-08-17 · CVE-2009-3699

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

IBM AIX versions 5.x through 5.3.10
IBM AIX versions 6.x through 6.1.3
VIOS versions 2.1 and earlier

Description

A stack-based buffer overflow issue exists in the libcsa.a library, which is part of the calendar daemon. This issue can be exploited by remote attackers who send a long XDR string in the first argument to procedure 21 of rpc.cmsd, allowing them to execute arbitrary code.

Recommendations

For IBM AIX versions 5.x through 5.3.10, update to a version later than 5.3.10 to resolve the issue.
For IBM AIX versions 6.x through 6.1.3, update to a version later than 6.1.3 to resolve the issue.
For VIOS versions 2.1 and earlier, update to a version later than 2.1 to resolve the issue.
As a temporary workaround, consider restricting access to the rpc.cmsd procedure 21 to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2009-3699

Affected Products

Ibm Aix
Vios
Libcsa.A