Lucene search
SAINT CorporationSAINT:8643032B23B2209EDED2D5304ECDE3E7HistoryJun 10, 2010 - 12:00 a.m.
Informix Dynamic Server librpc.dll credentials length buffer overflow
2010-06-1000:00:00
SAINT Corporation
www.saintcorporation.com
16
0.962 High
EPSS
Percentile
99.4%
Added: 06/10/2010
CVE: CVE-2009-2753
BID: 38471
OSVDB: 62783
Background
Informix Dynamic Server is a database solution from IBM. It includes a portmapper service which listens for connections on port 36890/TCP and uses librpc.dll.
Problem
A buffer overflow vulnerability in librpc.dll allows remote attackers to execute arbitrary commands by sending a request containing an invalid credentials length parameter to the portmapper service.
Resolution
Upgrade to version 10.00.TC9, 10.00.TC10, 11.10.TC3, or 11.10.TC4 or higher.
References
<http://secunia.com/advisories/38731>
Limitations
Exploit works on Informix Dynamic Server 11.10.TC1 on Windows Server 2003 SP2 with security updates KB956802 and KB956572 installed and DEP disabled.
Platforms
Windows Server 2003
Related
saint
saint
Informix Dynamic Server librpc.dll credentials length buffer overflow
2010-06-10 00:00:00
Informix Dynamic Server librpc.dll credentials length buffer overflow
2010-06-10 00:00:00
Informix Dynamic Server librpc.dll credentials length buffer overflow
2010-06-10 00:00:00
prion
prion
Buffer overflow
2010-03-05 16:30:00
zdi
zdi
IBM Informix librpc.dll Multiple Remote Code Execution Vulnerabilities
2010-03-01 00:00:00
securityvulns
securityvulns
ZDI-10-022: IBM Informix librpc.dll Multiple Remote Code Execution Vulnerabilities
2010-03-04 00:00:00
librpc.dll library multiple security vulnerabilities
2010-03-04 00:00:00
cve
cve
CVE-2009-2753
2010-03-05 16:30:00
checkpoint_advisories
checkpoint_advisories