CVE-2009-3699

Sažetak

Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.

Reference

http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=825
http://secunia.com/advisories/36978
http://securitytracker.com/id?1022996
http://www.ibm.com/support/docview.wss?uid=isg1IZ61628
http://www.ibm.com/support/docview.wss?uid=isg1IZ61717
http://www.ibm.com/support/docview.wss?uid=isg1IZ62123
http://www.ibm.com/support/docview.wss?uid=isg1IZ62237
http://www.ibm.com/support/docview.wss?uid=isg1IZ62569
http://www.ibm.com/support/docview.wss?uid=isg1IZ62570
http://www.ibm.com/support/docview.wss?uid=isg1IZ62571
http://www.ibm.com/support/docview.wss?uid=isg1IZ62572
http://www.ibm.com/support/docview.wss?uid=isg1IZ62672
http://www.osvdb.org/58726
http://www.securityfocus.com/bid/36615
http://www.vupen.com/english/advisories/2009/2846
https://exchange.xforce.ibmcloud.com/vulnerabilities/53681
https://www.immunityinc.com/downloads/immpartners/aixcmsd10092009.tar.gz

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

17-08-2017 - 01:31

Objavljeno

15-10-2009 - 10:30