Informix Dynamic Server librpc.dll credentials length buffer overflow

2010-06-10T00:00:00
ID SAINT:8643032B23B2209EDED2D5304ECDE3E7
Type saint
Reporter SAINT Corporation
Modified 2010-06-10T00:00:00

Description

Added: 06/10/2010
CVE: CVE-2009-2753
BID: 38471
OSVDB: 62783

Background

Informix Dynamic Server is a database solution from IBM. It includes a portmapper service which listens for connections on port 36890/TCP and uses librpc.dll.

Problem

A buffer overflow vulnerability in librpc.dll allows remote attackers to execute arbitrary commands by sending a request containing an invalid credentials length parameter to the portmapper service.
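The class of check whose absence produces this kind of overflow, shown as an added example (not IBM's code and not taken from the advisory). It assumes the portmapper request uses the standard ONC RPC call layout of RFC 5531, where the credential body is limited to 400 bytes; the names rpc_copy_cred and check_sample are hypothetical, and the sample messages are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_AUTH_BYTES 400u /* RFC 5531: opaque_auth body is at most 400 bytes */
#define CALL_HDR_BYTES 32u  /* xid, msg_type, rpcvers, prog, vers, proc, cred flavor, cred length */

/* Read one big-endian (XDR) 32-bit unsigned integer. */
static uint32_t xdr_u32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Copy the credential body of an RPC call into out[]; return its length, or -1 if rejected. */
int rpc_copy_cred(const uint8_t *msg, size_t msg_len, uint8_t *out, size_t out_cap) {
    if (!msg || !out || msg_len < CALL_HDR_BYTES) return -1;   /* truncated header */
    if (xdr_u32(msg + 4) != 0) return -1;                      /* msg_type must be CALL (0) */
    uint32_t cred_len = xdr_u32(msg + 28);                     /* length field set by the sender */
    if (cred_len > MAX_AUTH_BYTES) return -1;                  /* above the protocol maximum */
    if (cred_len > out_cap) return -1;                         /* would overrun the destination */
    size_t padded = ((size_t)cred_len + 3u) & ~(size_t)3u;     /* XDR pads opaque data to 4 bytes */
    if (padded > msg_len - CALL_HDR_BYTES) return -1;          /* claims more than was received */
    memcpy(out, msg + CALL_HDR_BYTES, cred_len);
    return (int)cred_len;
}

/* Constructed sample: build a call claiming claimed_len credential bytes while
 * carrying body_bytes of them, then run the validator with a 400-byte buffer. */
int check_sample(uint32_t claimed_len, size_t body_bytes) {
    uint8_t msg[CALL_HDR_BYTES + 512] = {0}, cred[MAX_AUTH_BYTES];
    if (body_bytes > 512) return -1;
    msg[3] = 1;                       /* xid = 1; msg_type stays 0 (CALL) */
    msg[11] = 2;                      /* rpcvers = 2 */
    msg[27] = 1;                      /* cred flavor = AUTH_SYS (1) */
    msg[28] = (uint8_t)(claimed_len >> 24); msg[29] = (uint8_t)(claimed_len >> 16);
    msg[30] = (uint8_t)(claimed_len >> 8);  msg[31] = (uint8_t)claimed_len;
    return rpc_copy_cred(msg, CALL_HDR_BYTES + body_bytes, cred, sizeof cred);
}

int main(void) {
    printf("len=16 body=16         -> %d\n", check_sample(16, 16));
    printf("len=0xFFFFFFFF body=16 -> %d\n", check_sample(0xFFFFFFFFu, 16));
    printf("len=64 body=16         -> %d\n", check_sample(64, 16));
    return 0;
}
```

The length field is checked three ways before any copy: against the protocol maximum, against the destination buffer, and against the bytes actually received.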

Resolution

Upgrade to version 10.00.TC9, 10.00.TC10, 11.10.TC3, or 11.10.TC4 or higher.

References

<http://secunia.com/advisories/38731>

Limitations

Exploit works on Informix Dynamic Server 11.10.TC1 on Windows Server 2003 SP2 with security updates KB956802 and KB956572 installed and DEP disabled.

Platforms

Windows Server 2003