PT-2010-5274 · IBM · IBM Informix Dynamic Server

Sebastian Apelt · Published 2010-10-25 · Updated 2010-10-27 · CVE-2010-4070

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

IBM Informix Dynamic Server (IDS) versions 7.x through 7.31.xD10
IBM Informix Dynamic Server (IDS) versions 9.x through 9.40.xC9
IBM Informix Dynamic Server (IDS) versions 10.00 through 10.00.xC7
IBM Informix Dynamic Server (IDS) versions 11.10 through 11.10.xC1

Description

The issue is caused by an integer overflow in librpc.dll in portmap.exe, allowing remote attackers to execute arbitrary code or cause a denial of service via a crafted parameter size. This can result in heap memory corruption.

Recommendations

For IBM Informix Dynamic Server (IDS) versions 7.x through 7.31.xD10, update to version 7.31.xD11 or later.
For IBM Informix Dynamic Server (IDS) versions 9.x through 9.40.xC9, update to version 9.40.xC10 or later.
For IBM Informix Dynamic Server (IDS) versions 10.00 through 10.00.xC7, update to version 10.00.xC8 or later.
For IBM Informix Dynamic Server (IDS) versions 11.10 through 11.10.xC1, update to version 11.10.xC2 or later.

Fix

Weakness Enumeration

Related Identifiers

CVE-2010-4070

Affected Products

IBM Informix Dynamic Server