Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C
Vendors Products
Ibm
  • Informix Dynamic Server
Emc
  • Legato Networker

Configuration 1 [-]

OR cpe:2.3:a:ibm:informix_dynamic_server:10.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_server:10.0.tc1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc2e:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc3e:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc4e:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc5e:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc6e:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc7e:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc8e:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc9:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc9e:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc10:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc10e:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_server:11.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_server:11.10:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc1de:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc2e:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc3e:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:emc:legato_networker:*:*:*:*:*:*:*:*
References
Link Resource
http://knowledgebase.emc.com/emcice/login.do?sType=ax1990&sName=1204&id=emc183834
http://secunia.com/advisories/38731 Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg1IC55329
http://www.ibm.com/support/docview.wss?uid=swg1IC55330
http://www.securityfocus.com/archive/1/509793/100/0/threaded
http://www.securityfocus.com/bid/38472
http://www.vupen.com/english/advisories/2010/0508 Patch Vendor Advisory
http://www.vupen.com/english/advisories/2010/0509 Patch Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-10-023
https://exchange.xforce.ibmcloud.com/vulnerabilities/56586
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2010-03-05T16:00:00

Updated: 2018-10-10T18:57:01

Reserved: 2009-08-12T00:00:00

Link: CVE-2009-2754

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2010-03-05T16:30:00.583

Modified: 2018-10-10T19:42:11.233

Link: CVE-2009-2754

JSON object: View

cve-icon Redhat Information

No data.

CWE