SAINT CorporationSAINT:B265BA7F4A8E365988E9F0960416BA2CInformix Dynamic Server librpc.dll credentials length buffer overflow
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.962 High
EPSS
Percentile
99.4%
Added: 06/10/2010
CVE: CVE-2009-2753
BID: 38471
OSVDB: 62783
Background
Informix Dynamic Server is a database solution from IBM. It includes a portmapper service which listens for connections on port 36890/TCP and uses librpc.dll.
Problem
A buffer overflow vulnerability in librpc.dll allows remote attackers to execute arbitrary commands by sending a request containing an invalid credentials length parameter to the portmapper service.
Resolution
Upgrade to version 10.00.TC9, 10.00.TC10, 11.10.TC3, or 11.10.TC4 or higher.
References
<http://secunia.com/advisories/38731>
Limitations
Exploit works on Informix Dynamic Server 11.10.TC1 on Windows Server 2003 SP2 with security updates KB956802 and KB956572 installed and DEP disabled.
Platforms
Windows Server 2003
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.962 High
EPSS
Percentile
99.4%