CVE-2009-2754

Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
ibminformix_dynamic_server
10.0
ibminformix_dynamic_server
10.0.tc1:tc1
ibminformix_dynamic_server
10.0.xc1:xc1
ibminformix_dynamic_server
10.0.xc2e:xc2e
ibminformix_dynamic_server
10.0.xc3:xc3
ibminformix_dynamic_server
10.0.xc3e:xc3e
ibminformix_dynamic_server
10.0.xc4:xc4
ibminformix_dynamic_server
10.0.xc4e:xc4e
ibminformix_dynamic_server
10.0.xc5:xc5
ibminformix_dynamic_server
10.0.xc5e:xc5e
ibminformix_dynamic_server
10.0.xc6:xc6
ibminformix_dynamic_server
10.0.xc6e:xc6e
ibminformix_dynamic_server
10.0.xc7:xc7
ibminformix_dynamic_server
10.0.xc7e:xc7e
ibminformix_dynamic_server
10.0.xc8:xc8
ibminformix_dynamic_server
10.0.xc8e:xc8e
ibminformix_dynamic_server
10.0.xc9:xc9
ibminformix_dynamic_server
10.0.xc9e:xc9e
ibminformix_dynamic_server
10.0.xc10:xc10
ibminformix_dynamic_server
10.0.xc10e:xc10e
ibminformix_dynamic_server
11.1
ibminformix_dynamic_server
11.10
ibminformix_dynamic_server
11.10.xc1:xc1
ibminformix_dynamic_server
11.10.xc1de:xc1de
ibminformix_dynamic_server
11.10.xc2:xc2
ibminformix_dynamic_server
11.10.xc2e:xc2e
ibminformix_dynamic_server
11.10.xc3:xc3
ibminformix_dynamic_server
11.10.xc3e:xc3e
emclegato_networker
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://knowledgebase.emc.com/emcice/login.do?sType=ax1990&sName=1204&id=emc183834
http://secunia.com/advisories/38731
http://www.ibm.com/support/docview.wss?uid=swg1IC55329
http://www.ibm.com/support/docview.wss?uid=swg1IC55330
http://www.securityfocus.com/archive/1/509793/100/0/threaded
http://www.securityfocus.com/bid/38472
http://www.vupen.com/english/advisories/2010/0508
http://www.vupen.com/english/advisories/2010/0509
http://www.zerodayinitiative.com/advisories/ZDI-10-023
https://exchange.xforce.ibmcloud.com/vulnerabilities/56586
http://knowledgebase.emc.com/emcice/login.do?sType=ax1990&sName=1204&id=emc183834
http://secunia.com/advisories/38731
http://www.ibm.com/support/docview.wss?uid=swg1IC55329
http://www.ibm.com/support/docview.wss?uid=swg1IC55330
http://www.securityfocus.com/archive/1/509793/100/0/threaded
http://www.securityfocus.com/bid/38472
http://www.vupen.com/english/advisories/2010/0508
http://www.vupen.com/english/advisories/2010/0509
http://www.zerodayinitiative.com/advisories/ZDI-10-023
https://exchange.xforce.ibmcloud.com/vulnerabilities/56586