CVE-2009-3699 Information
Description
Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3 and VIOS 2.1 and earlier allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.
Reference
http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=825
http://secunia.com/advisories/36978
http://securitytracker.com/id?1022996
http://www.ibm.com/support/docview.wss?uid=isg1IZ61628
http://www.ibm.com/support/docview.wss?uid=isg1IZ61717
http://www.ibm.com/support/docview.wss?uid=isg1IZ62123
http://www.ibm.com/support/docview.wss?uid=isg1IZ62237
http://www.ibm.com/support/docview.wss?uid=isg1IZ62569
http://www.ibm.com/support/docview.wss?uid=isg1IZ62570
http://www.ibm.com/support/docview.wss?uid=isg1IZ62571
http://www.ibm.com/support/docview.wss?uid=isg1IZ62572
http://www.ibm.com/support/docview.wss?uid=isg1IZ62672
http://www.osvdb.org/58726
http://www.securityfocus.com/bid/36615
http://www.vupen.com/english/advisories/2009/2846
https://exchange.xforce.ibmcloud.com/vulnerabilities/53681
https://www.immunityinc.com/downloads/immpartners/aixcmsd10092009.tar.gz