PT-2010-5274 · IBM · IBM Informix Dynamic Server

Sebastian Apelt · Published 2010-10-25 · Updated 2010-10-27 · CVE-2010-4070

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

IBM Informix Dynamic Server (IDS) versions 7.x through 7.31.xD10
IBM Informix Dynamic Server (IDS) versions 9.x through 9.40.xC9
IBM Informix Dynamic Server (IDS) versions 10.00 through 10.00.xC7
IBM Informix Dynamic Server (IDS) versions 11.10 through 11.10.xC1

Description

The issue is caused by an integer overflow in librpc.dll in portmap.exe, allowing remote attackers to execute arbitrary code or cause a denial of service via a crafted parameter size. This can result in heap memory corruption.

Recommendations

For IBM Informix Dynamic Server (IDS) versions 7.x through 7.31.xD10, update to version 7.31.xD11 or later.
For IBM Informix Dynamic Server (IDS) versions 9.x through 9.40.xC9, update to version 9.40.xC10 or later.
For IBM Informix Dynamic Server (IDS) versions 10.00 through 10.00.xC7, update to version 10.00.xC8 or later.
For IBM Informix Dynamic Server (IDS) versions 11.10 through 11.10.xC1, update to version 11.10.xC2 or later.

Fix

Weakness Enumeration

Related Identifiers

CVE-2010-4070

Affected Products

IBM Informix Dynamic Server