10

CVE-2009-2754

EPSS 30.96%
Veröffentlicht 05.03.2010 16:30:00
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Informix Dynamic Server Version10.0

Ibm ≫ Informix Dynamic Server Version10.0.tc1

Ibm ≫ Informix Dynamic Server Version10.0.xc1

Ibm ≫ Informix Dynamic Server Version10.0.xc2e

Ibm ≫ Informix Dynamic Server Version10.0.xc3

Ibm ≫ Informix Dynamic Server Version10.0.xc3e

Ibm ≫ Informix Dynamic Server Version10.0.xc4

Ibm ≫ Informix Dynamic Server Version10.0.xc4e

Ibm ≫ Informix Dynamic Server Version10.0.xc5

Ibm ≫ Informix Dynamic Server Version10.0.xc5e

Ibm ≫ Informix Dynamic Server Version10.0.xc6

Ibm ≫ Informix Dynamic Server Version10.0.xc6e

Ibm ≫ Informix Dynamic Server Version10.0.xc7

Ibm ≫ Informix Dynamic Server Version10.0.xc7e

Ibm ≫ Informix Dynamic Server Version10.0.xc8

Ibm ≫ Informix Dynamic Server Version10.0.xc8e

Ibm ≫ Informix Dynamic Server Version10.0.xc9

Ibm ≫ Informix Dynamic Server Version10.0.xc9e

Ibm ≫ Informix Dynamic Server Version10.0.xc10

Ibm ≫ Informix Dynamic Server Version10.0.xc10e

Ibm ≫ Informix Dynamic Server Version11.1

Ibm ≫ Informix Dynamic Server Version11.10

Ibm ≫ Informix Dynamic Server Version11.10.xc1

Ibm ≫ Informix Dynamic Server Version11.10.xc1de

Ibm ≫ Informix Dynamic Server Version11.10.xc2

Ibm ≫ Informix Dynamic Server Version11.10.xc2e

Ibm ≫ Informix Dynamic Server Version11.10.xc3

Ibm ≫ Informix Dynamic Server Version11.10.xc3e

Emc ≫ Legato Networker

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	30.96%	0.966

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

http://secunia.com/advisories/38731

Vendor Advisory

http://www.ibm.com/support/docview.wss?uid=swg1IC55329

http://www.ibm.com/support/docview.wss?uid=swg1IC55330

http://www.vupen.com/english/advisories/2010/0508

Patch

Vendor Advisory

http://knowledgebase.emc.com/emcice/login.do?sType=ax1990&sName=1204&id=emc183834

http://www.securityfocus.com/archive/1/509793/100/0/threaded

http://www.securityfocus.com/bid/38472

http://www.vupen.com/english/advisories/2010/0509

Patch

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-10-023

https://exchange.xforce.ibmcloud.com/vulnerabilities/56586

https://nvd.nist.gov/vuln/detail/CVE-2009-2754

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-2754

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-2754

EUVD