PT-2010-1273 · IBM · IBM Informix Dynamic Server

Sebastian Apelt · Published 2010-03-01 · Updated 2018-10-10 · CVE-2009-2754

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

IBM Informix Dynamic Server (IDS) versions 10.00.TC8 and earlier
IBM Informix Dynamic Server (IDS) versions 11.10.TC2 and earlier

Description

The issue is related to an integer signedness error in the authentication functionality of the librpc.dll component, used in the Informix Storage Manager (ISM) Portmapper service. This error can be exploited by remote attackers to execute arbitrary code via a crafted parameter size, triggering a stack-based buffer overflow.

Recommendations

For IBM Informix Dynamic Server (IDS) versions 10.00.TC8 and earlier, update to version 10.00.TC9 or later. For IBM Informix Dynamic Server (IDS) versions 11.10.TC2 and earlier, update to version 11.10.TC3 or later.


Related identifiers

CVE-2009-2754
ZDI-10-023

Affected products

IBM Informix Dynamic Server