CVE-2009-3699

Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.ibm.com/support/docview.wss?uid=isg1IZ62123
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=825	Patch
http://www.ibm.com/support/docview.wss?uid=isg1IZ62570
http://www.ibm.com/support/docview.wss?uid=isg1IZ62569
http://www.ibm.com/support/docview.wss?uid=isg1IZ62571
http://www.securityfocus.com/bid/36615	Exploit Patch
http://www.ibm.com/support/docview.wss?uid=isg1IZ61717
http://www.osvdb.org/58726
http://www.vupen.com/english/advisories/2009/2846	Patch Vendor Advisory
http://secunia.com/advisories/36978	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IZ62672
http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IZ61628
http://www.ibm.com/support/docview.wss?uid=isg1IZ62237
http://www.ibm.com/support/docview.wss?uid=isg1IZ62572	Vendor Advisory
https://www.immunityinc.com/downloads/immpartners/aixcmsd10092009.tar.gz
http://securitytracker.com/id?1022996
https://exchange.xforce.ibmcloud.com/vulnerabilities/53681

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:ibm:aix:5.1:::::::*
	cpe:2.3:o:ibm:aix:5.2:::::::*
	cpe:2.3:o:ibm:aix:5.2.0:::::::*
	cpe:2.3:o:ibm:aix:5.3:sp6::::::
	cpe:2.3:o:ibm:aix:5.3.9:::::::*
	cpe:2.3:o:ibm:aix:6.1.2:::::::*
	cpe:2.3:o:ibm:aix:6.1.1:::::::*
	cpe:2.3:a:ibm:vios:1.5.1:::::::*
	cpe:2.3:a:ibm:vios:1.5.0:::::::*
	cpe:2.3:o:ibm:aix:5:::::::*
	cpe:2.3:o:ibm:aix:5.2.2:::::::*
	cpe:2.3:o:ibm:aix:5.2.0.50:::::::*
	cpe:2.3:o:ibm:aix:5.3.8:::::::*
	cpe:2.3:o:ibm:aix:5.3.7:::::::*
	cpe:2.3:o:ibm:aix:5.3.0.20:::::::*
	cpe:2.3:o:ibm:aix:5.3_l:::::::*
	cpe:2.3:o:ibm:aix:5l:::::::*
	cpe:2.3:o:ibm:aix:6.1.3:::::::*
	cpe:2.3:o:ibm:aix:5.3.10:::::::*
	cpe:2.3:o:ibm:aix:5.3:::::::*
	cpe:2.3:o:ibm:aix:6.1.0:::::::*
	cpe:2.3:a:ibm:vios::::::::
	cpe:2.3:o:ibm:aix:5.2_l:::::::*
	cpe:2.3:o:ibm:aix:5.2.0.54:::::::*
	cpe:2.3:o:ibm:aix:6.1:::::::*
	cpe:2.3:o:ibm:aix:5.3_ml03:::::::*
	cpe:2.3:a:ibm:vios:1.5.2:::::::*
	cpe:2.3:a:ibm:vios:1.4:::::::*
	cpe:2.3:o:ibm:aix:5.1.0.10:::::::*
	cpe:2.3:o:ibm:aix:5.1l:::::::*
	cpe:2.3:o:ibm:aix:5.3.0:::::::*

Information

Published : 2009-10-15 03:30

Updated : 2017-08-16 18:31

NVD link : CVE-2009-3699

Mitre link : CVE-2009-3699

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

ibm

aix
vios

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62123", "name": "IZ62123", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=825", "name": "20091007 IBM AIX rpc.cmsd Stack Buffer Overflow Vulnerability", "tags": ["Patch"], "refsource": "IDEFENSE"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62570", "name": "IZ62570", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62569", "name": "IZ62569", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62571", "name": "IZ62571", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://www.securityfocus.com/bid/36615", "name": "36615", "tags": ["Exploit", "Patch"], "refsource": "BID"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ61717", "name": "IZ61717", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://www.osvdb.org/58726", "name": "58726", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2009/2846", "name": "ADV-2009-2846", "tags": ["Patch", "Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://secunia.com/advisories/36978", "name": "36978", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62672", "name": "IZ62672", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc", "name": "http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ61628", "name": "IZ61628", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62237", "name": "IZ62237", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62572", "name": "IZ62572", "tags": ["Vendor Advisory"], "refsource": "AIXAPAR"}, {"url": "https://www.immunityinc.com/downloads/immpartners/aixcmsd10092009.tar.gz", "name": "https://www.immunityinc.com/downloads/immpartners/aixcmsd10092009.tar.gz", "tags": [], "refsource": "MISC"}, {"url": "http://securitytracker.com/id?1022996", "name": "1022996", "tags": [], "refsource": "SECTRACK"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53681", "name": "ibm-aix-rpccmsd-bo(53681)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-3699", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2009-10-15T10:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:5.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:5.3:sp6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:5.3.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:6.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:6.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:vios:1.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:vios:1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:5.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:5.2.0.50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:5.3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:5.3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:5.3.0.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:5.3_l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:5l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:6.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:5.3.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:6.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:vios:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.1.0"}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:5.2_l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:5.2.0.54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:5.3_ml03:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:vios:1.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:vios:1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:5.1.0.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:5.1l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:5.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-17T01:31Z"}

10.0 /10