9.3
CVE-2009-2727
- EPSS 26.75%
- Veröffentlicht 10.08.2009 23:30:00
- Zuletzt bearbeitet 16.06.2026 23:10:07
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Stack-based buffer overflow in the _tt_internal_realpath function in the ToolTalk library (libtt.a) in IBM AIX 5.2.0, 5.3.0, 5.3.7 through 5.3.10, and 6.1.0 through 6.1.3, when the rpc.ttdbserver daemon is enabled in /etc/inetd.conf, allows remote attackers to execute arbitrary code via a long XDR-encoded ASCII string to remote procedure 15.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 26.75% | 0.978 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://aix.software.ibm.com/aix/efixes/security/libtt_advisory.asc
http://risesecurity.org/advisories/RISE-2009001.txt
http://secunia.com/advisories/35505
http://www.ibm.com/support/docview.wss?uid=isg1IZ52842
http://www.ibm.com/support/docview.wss?uid=isg1IZ52843
http://www.ibm.com/support/docview.wss?uid=isg1IZ52844
http://www.ibm.com/support/docview.wss?uid=isg1IZ52845
http://www.ibm.com/support/docview.wss?uid=isg1IZ52846
http://www.ibm.com/support/docview.wss?uid=isg1IZ52847
http://www.ibm.com/support/docview.wss?uid=isg1IZ52848
http://www.ibm.com/support/docview.wss?uid=isg1IZ52849
http://www.ibm.com/support/docview.wss?uid=isg1IZ52850
http://www.ibm.com/support/docview.wss?uid=isg1IZ52851
http://www.securityfocus.com/bid/35419
http://www.vupen.com/english/advisories/2009/1620