Vulnerabilities > CVE-2009-3691 - Numeric Errors vulnerability in IBM Informix Client SDK and Informix Connect Runtime
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM Informix Client SDK 3.0 and 3.50 and Informix Connect Runtime 3.x allow remote attackers to execute arbitrary code via a .nfx file with a crafted (1) HostSize, and possibly (2) ProtoSize and (3) ServerSize, field that triggers a stack-based buffer overflow involving a crafted HostList field. NOTE: some of these details are obtained from third party information.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | IBM Informix Client SDK 3.0 nfx file integer overflow exploit. CVE-2009-3691. Remote exploit for windows platform |
| id | EDB-ID:10070 |
| last seen | 2016-02-01 |
| modified | 2009-10-05 |
| published | 2009-10-05 |
| reporter | bruiser |
| source | https://www.exploit-db.com/download/10070/ |
| title | IBM Informix Client SDK 3.0 nfx file integer Overflow Exploit |
References
- http://retrogod.altervista.org/9sg_ibm_setnet32.html
- http://secunia.com/advisories/36949
- http://securitytracker.com/id?1022985
- http://www.osvdb.org/58530
- http://www.securityfocus.com/bid/36588
- http://www.vupen.com/english/advisories/2009/2834
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53644