CVE-2009-3699

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2009-3699
Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://www.ibm.com/support/docview.wss?uid=isg1IZ62123
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=825 Patch
http://www.ibm.com/support/docview.wss?uid=isg1IZ62570
http://www.ibm.com/support/docview.wss?uid=isg1IZ62569
http://www.ibm.com/support/docview.wss?uid=isg1IZ62571
http://www.securityfocus.com/bid/36615 Exploit Patch
http://www.ibm.com/support/docview.wss?uid=isg1IZ61717
http://www.osvdb.org/58726
http://www.vupen.com/english/advisories/2009/2846 Patch Vendor Advisory
http://secunia.com/advisories/36978 Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IZ62672
http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IZ61628
http://www.ibm.com/support/docview.wss?uid=isg1IZ62237
http://www.ibm.com/support/docview.wss?uid=isg1IZ62572 Vendor Advisory
https://www.immunityinc.com/downloads/immpartners/aixcmsd10092009.tar.gz
http://securitytracker.com/id?1022996
https://exchange.xforce.ibmcloud.com/vulnerabilities/53681
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.2.0:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.3:sp6:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.3.9:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:6.1.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:vios:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:vios:1.5.0:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.2.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.2.0.50:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.3.8:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.3.7:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.3.0.20:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.3_l:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5l:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:6.1.3:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.3.10:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:vios:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.2_l:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.2.0.54:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.3_ml03:*:*:*:*:*:*:*
cpe:2.3:a:ibm:vios:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:vios:1.4:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.1.0.10:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.1l:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.3.0:*:*:*:*:*:*:*
Information

Published : 2009-10-15 03:30

Updated : 2017-08-16 18:31

NVD link : CVE-2009-3699

Mitre link : CVE-2009-3699

JSON object : View

CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

dedicated server usa
Products Affected

ibm

  • aix
  • vios