Back to search
CVE-2009-2754
Published: Mar 5, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
38731
third-party-advisory
x_refsource_SECUNIA
20100301 ZDI-10-023: Multiple Vendor librpc.dll Signedness Error Remote Code Execution Vulnerability
mailing-list
x_refsource_BUGTRAQ
ADV-2010-0508
vdb-entry
x_refsource_VUPEN
IC55329
vendor-advisory
x_refsource_AIXAPAR
IC55330
vendor-advisory
x_refsource_AIXAPAR
http://www.zerodayinitiative.com/advisories/ZDI-10-023
x_refsource_MISC
ibm-ids-portmap-bo(56586)
vdb-entry
x_refsource_XF
ADV-2010-0509
vdb-entry
x_refsource_VUPEN
38472
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now