PT-2010-1272 · IBM · librpc.dll+2
Sebastian Apelt · Published 2010-03-01 · Updated 2018-10-10 · CVE-2009-2753
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
IBM Informix Dynamic Server (IDS) versions 10.x prior to 10.00.TC9
IBM Informix Dynamic Server (IDS) versions 11.x prior to 11.10.TC3
Description
The issue concerns multiple buffer overflows in the authentication functionality of the Informix Storage Manager (ISM) Portmapper service, specifically within the librpc.dll component. This allows remote attackers to execute arbitrary code by providing a crafted parameter size.
Recommendations
For IBM Informix Dynamic Server (IDS) versions 10.x prior to 10.00.TC9, update to version 10.00.TC9 or later.
For IBM Informix Dynamic Server (IDS) versions 11.x prior to 11.10.TC3, update to version 11.10.TC3 or later.
Exploit
Fix
Buffer Overflow
Affected Products
IBM Informix Dynamic Server
Informix Storage Manager
librpc.dll