CVE-2009-2753: Buffer Overflow
First published: Fri Mar 05 2010(Updated: )
Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allow remote attackers to execute arbitrary code via a crafted parameter size.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Informix Dynamic Server | =10.0.xc5e | |
| IBM Informix Dynamic Server | =10.0.xc4 | |
| IBM Informix Dynamic Server | =11.10 | |
| IBM Informix Dynamic Server | =10.0.xc9e | |
| IBM Informix Dynamic Server | =11.1 | |
| IBM Informix Dynamic Server | =10.0.xc10 | |
| IBM Informix Dynamic Server | =10.0.xc1 | |
| IBM Informix Dynamic Server | =10.0.xc7e | |
| IBM Informix Dynamic Server | =10.0.xc6 | |
| IBM Informix Dynamic Server | =10.0.xc10e | |
| IBM Informix Dynamic Server | =10.0.xc3 | |
| IBM Informix Dynamic Server | =11.10.xc1 | |
| IBM Informix Dynamic Server | =11.10.xc3e | |
| IBM Informix Dynamic Server | =10.0.xc6e | |
| IBM Informix Dynamic Server | =10.0 | |
| IBM Informix Dynamic Server | =10.0.tc1 | |
| IBM Informix Dynamic Server | =10.0.xc9 | |
| IBM Informix Dynamic Server | =10.0.xc5 | |
| IBM Informix Dynamic Server | =11.10.xc2e | |
| IBM Informix Dynamic Server | =10.0.xc8 | |
| IBM Informix Dynamic Server | =10.0.xc8e | |
| IBM Informix Dynamic Server | =10.0.xc3e | |
| IBM Informix Dynamic Server | =10.0.xc7 | |
| IBM Informix Dynamic Server | =11.10.xc1de | |
| IBM Informix Dynamic Server | =10.0.xc4e | |
| IBM Informix Dynamic Server | =11.10.xc2 | |
| IBM Informix Dynamic Server | =11.10.xc3 | |
| IBM Informix Dynamic Server | =10.0.xc2e |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.vupen.com/english/advisories/2010/0508
- http://www.ibm.com/support/docview.wss?uid=swg1IC55330
- http://secunia.com/advisories/38731
- http://www.zerodayinitiative.com/advisories/ZDI-10-022
- http://www.ibm.com/support/docview.wss?uid=swg1IC55329
- http://securitytracker.com/id?1023669
- http://www.securityfocus.com/bid/38471
- http://www.securityfocus.com/archive/1/509789/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2009-2753?
CVE-2009-2753 is rated as high severity due to its potential for remote code execution.
How do I fix CVE-2009-2753?
To fix CVE-2009-2753, apply the latest patches or updates provided by IBM for the affected versions of IBM Informix Dynamic Server.
Which versions of IBM Informix Dynamic Server are affected by CVE-2009-2753?
CVE-2009-2753 affects IBM Informix Dynamic Server versions 10.x before 10.00.TC9 and 11.x before 11.10.TC3.
What types of attacks are possible with CVE-2009-2753?
CVE-2009-2753 allows remote attackers to exploit buffer overflows leading to arbitrary code execution.
Is there a workaround for CVE-2009-2753?
While upgrading to a patched version is the best option, disabling the portmapper service can serve as a temporary workaround for CVE-2009-2753.
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/severity
- agent/remedy
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/ibm
- canonical/ibm informix dynamic server
- version/ibm informix dynamic server/10.0.xc5e
- version/ibm informix dynamic server/10.0.xc4
- version/ibm informix dynamic server/11.10
- version/ibm informix dynamic server/10.0.xc9e
- version/ibm informix dynamic server/11.1
- version/ibm informix dynamic server/10.0.xc10
- version/ibm informix dynamic server/10.0.xc1
- version/ibm informix dynamic server/10.0.xc7e
- version/ibm informix dynamic server/10.0.xc6
- version/ibm informix dynamic server/10.0.xc10e
- version/ibm informix dynamic server/10.0.xc3
- version/ibm informix dynamic server/11.10.xc1
- version/ibm informix dynamic server/11.10.xc3e
- version/ibm informix dynamic server/10.0.xc6e
- version/ibm informix dynamic server/10.0
- version/ibm informix dynamic server/10.0.tc1
- version/ibm informix dynamic server/10.0.xc9
- version/ibm informix dynamic server/10.0.xc5
- version/ibm informix dynamic server/11.10.xc2e
- version/ibm informix dynamic server/10.0.xc8
- version/ibm informix dynamic server/10.0.xc8e
- version/ibm informix dynamic server/10.0.xc3e
- version/ibm informix dynamic server/10.0.xc7
- version/ibm informix dynamic server/11.10.xc1de
- version/ibm informix dynamic server/10.0.xc4e
- version/ibm informix dynamic server/11.10.xc2
- version/ibm informix dynamic server/11.10.xc3
- version/ibm informix dynamic server/10.0.xc2e