CVE-2009-2754 - Numeric Errors vulnerability in multiple products

CVSS 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, low complexity, ibm, emc, CWE-189, critical, exploit available

Summary

Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow.

Common Weakness Enumeration (CWE)

Exploit-Db

description: Multiple Vendor librpc.dll Signedness Error Remote Code Execution Vulnerability. CVE-2009-2753, CVE-2009-2754. Dos exploits for multiple platform
id: EDB-ID:12109
last seen: 2016-02-01
modified: 2010-04-08
published: 2010-04-08
reporter: ZSploit.com
source: https://www.exploit-db.com/download/12109/
title: Multiple Vendor librpc.dll Signedness Error Remote Code Execution Vulnerability

Packetstorm

data source: https://packetstormsecurity.com/files/download/88185/zs_ids_rpc.py.txt
id: PACKETSTORM:88185
last seen: 2016-12-05
published: 2010-04-09
reporter: ZSploit.com
source: https://packetstormsecurity.com/files/88185/librpc.dll-Signedness-Error-Remote-Code-Execution.html
title: librpc.dll Signedness Error Remote Code Execution

Seebug

bulletinFamily: exploit
description: No description provided by source.
id: SSV:68203
last seen: 2017-11-19
modified: 2014-07-01
published: 2014-07-01
reporter: Root
source: https://www.seebug.org/vuldb/ssvid-68203
title: Multiple Vendor librpc.dll Signedness Error Remote Code Execution Vulnerability