Lucene search

[email protected]CVE-2009-2753

HistoryMar 05, 2010 - 4:30 p.m.

CVE-2009-2753

2010-03-0516:30:00

CWE-119

[email protected]

web.nvd.nist.gov

buffer overflow

remote code execution

librpc.dll

ibm informix dynamic server

cve-2009-2753

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.954 High

EPSS

Percentile

99.4%

JSON

Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allow remote attackers to execute arbitrary code via a crafted parameter size.

Affected configurations

NVD

Node

ibminformix_dynamic_serverMatch10.0

ibminformix_dynamic_serverMatch10.0.tc1

ibminformix_dynamic_serverMatch10.0.xc1

ibminformix_dynamic_serverMatch10.0.xc2e

ibminformix_dynamic_serverMatch10.0.xc3

ibminformix_dynamic_serverMatch10.0.xc3e

ibminformix_dynamic_serverMatch10.0.xc4

ibminformix_dynamic_serverMatch10.0.xc4e

ibminformix_dynamic_serverMatch10.0.xc5

ibminformix_dynamic_serverMatch10.0.xc5e

ibminformix_dynamic_serverMatch10.0.xc6

ibminformix_dynamic_serverMatch10.0.xc6e

ibminformix_dynamic_serverMatch10.0.xc7

ibminformix_dynamic_serverMatch10.0.xc7e

ibminformix_dynamic_serverMatch10.0.xc8

ibminformix_dynamic_serverMatch10.0.xc8e

ibminformix_dynamic_serverMatch10.0.xc9

ibminformix_dynamic_serverMatch10.0.xc9e

ibminformix_dynamic_serverMatch10.0.xc10

ibminformix_dynamic_serverMatch10.0.xc10e

ibminformix_dynamic_serverMatch11.1

ibminformix_dynamic_serverMatch11.10

ibminformix_dynamic_serverMatch11.10.xc1

ibminformix_dynamic_serverMatch11.10.xc1de

ibminformix_dynamic_serverMatch11.10.xc2

ibminformix_dynamic_serverMatch11.10.xc2e

ibminformix_dynamic_serverMatch11.10.xc3

ibminformix_dynamic_serverMatch11.10.xc3e

CPENameOperatorVersion
ibm:informix_dynamic_serveribm informix dynamic servereq10.0
ibm:informix_dynamic_serveribm informix dynamic servereq10.0.tc1
ibm:informix_dynamic_serveribm informix dynamic servereq10.0.xc1
ibm:informix_dynamic_serveribm informix dynamic servereq10.0.xc2e
ibm:informix_dynamic_serveribm informix dynamic servereq10.0.xc3
ibm:informix_dynamic_serveribm informix dynamic servereq10.0.xc3e
ibm:informix_dynamic_serveribm informix dynamic servereq10.0.xc4
ibm:informix_dynamic_serveribm informix dynamic servereq10.0.xc4e
ibm:informix_dynamic_serveribm informix dynamic servereq10.0.xc5
ibm:informix_dynamic_serveribm informix dynamic servereq10.0.xc5e

CPE	Name	Operator	Version
ibm:informix_dynamic_server	ibm informix dynamic server	eq	10.0
ibm:informix_dynamic_server	ibm informix dynamic server	eq	10.0.tc1
ibm:informix_dynamic_server	ibm informix dynamic server	eq	10.0.xc1
ibm:informix_dynamic_server	ibm informix dynamic server	eq	10.0.xc2e
ibm:informix_dynamic_server	ibm informix dynamic server	eq	10.0.xc3
ibm:informix_dynamic_server	ibm informix dynamic server	eq	10.0.xc3e
ibm:informix_dynamic_server	ibm informix dynamic server	eq	10.0.xc4
ibm:informix_dynamic_server	ibm informix dynamic server	eq	10.0.xc4e
ibm:informix_dynamic_server	ibm informix dynamic server	eq	10.0.xc5
ibm:informix_dynamic_server	ibm informix dynamic server	eq	10.0.xc5e