CVE-2009-4240

Multiple buffer overflows in unspecified setuid executables in the DataStage subsystem in IBM InfoSphere Information Server 8.1 before FP1 have unknown impact and attack vectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/37245
http://www-01.ibm.com/support/docview.wss?uid=swg1JR30394
http://www.osvdb.org/60807
http://www-01.ibm.com/support/docview.wss?uid=swg21406224
http://secunia.com/advisories/37556	Vendor Advisory
http://www.vupen.com/english/advisories/2009/3432	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/54609

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:infosphere_information_server:8.1:*:*:*:*:*:*:*

Information

Published : 2009-12-09 11:30

Updated : 2017-08-16 18:31

NVD link : CVE-2009-4240

Mitre link : CVE-2009-4240

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

ibm

infosphere_information_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/37245", "name": "37245", "tags": [], "refsource": "BID"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR30394", "name": "JR30394", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://www.osvdb.org/60807", "name": "60807", "tags": [], "refsource": "OSVDB"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21406224", "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21406224", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/37556", "name": "37556", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2009/3432", "name": "ADV-2009-3432", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54609", "name": "ibm-iis-setuid-bo(54609)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple buffer overflows in unspecified setuid executables in the DataStage subsystem in IBM InfoSphere Information Server 8.1 before FP1 have unknown impact and attack vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-4240", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "acInsufInfo": true, "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2009-12-09T19:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:infosphere_information_server:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-17T01:31Z"}

10.0 /10