CVE-2009-3699

Published Oct 15, 2009

Last updated 8 years ago

CVSS info 10.0

Overview

Description: Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:vios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A99FBC6A-75A0-433F-BD5A-ECBFDF1D9BF8",
            "versionEndIncluding": "2.1.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:vios:1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2AB87CE-4A33-4C35-8A5B-FC2696712550"
          },
          {
            "criteria": "cpe:2.3:a:ibm:vios:1.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "732619AA-7504-4B02-9878-D23D2CD4AEE1"
          },
          {
            "criteria": "cpe:2.3:a:ibm:vios:1.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A10D42BF-B7FB-4977-B4C2-3FC6B87BBCEA"
          },
          {
            "criteria": "cpe:2.3:a:ibm:vios:1.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07D7B5D5-9C6C-4EFD-8433-6A134B824EC1"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D084700A-713E-48C9-8ED9-A55024552B78"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BCB23261-D5A9-4C49-B08E-97A63ED6F84A"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:5.1.0.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54254625-FC83-4617-8161-CA1FB3092753"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:5.1l:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43E38D56-80BA-460C-A296-ED7F506E4364"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17EECCCB-D7D1-439A-9985-8FAE8B44487B"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:5.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8A7DBFF-B11B-47EC-9E52-C12B156739D5"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:5.2.0.50:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B380F93D-5B13-49D0-B130-D45C2849A135"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:5.2.0.54:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11C8004D-639C-47BC-BE3E-CF5F06C1679C"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:5.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EBD01F19-4B30-4147-AC48-7F5C64EE80CD"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:5.2_l:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "104E5C14-6D87-494B-8D60-0443ADDCD31A"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA8DDF4A-1C5D-4CB1-95B3-69EAE6572507"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:5.3:sp6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0BBBA4A5-D191-41D0-886C-C428F4F6252C"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:5.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6DE57C2-E728-4016-9774-28FB4B0509AB"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:5.3.0.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE79D7E9-DF50-42FD-A255-FF2A29131946"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:5.3.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57B11497-5622-4759-906A-A93A3E815584"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:5.3.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F9CD013-D904-45DF-AD43-493A22D5744B"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:5.3.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "307B47F5-D903-4763-A353-2538AFD6C9CD"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:5.3.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A16950BB-11BC-4A40-BB3B-841807BB2546"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:5.3_l:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "435340B0-AD02-4174-BC7F-6A7C222A7F6D"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:5.3_ml03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2AEF9658-0479-43E5-99A2-620ED3E018E4"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:5l:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCFE1A11-6750-4275-B5F7-CFFCD5308D0D"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD518B94-9CD7-4C45-8766-578CF427B4CF"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:6.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF417123-CCB6-48AF-A21B-1974173D516B"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:6.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "362CFB2F-817A-4E55-A315-86B6243E3F74"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:6.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53544921-1C1A-4382-99D7-0F3011BA76DB"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:6.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15FF1838-81E0-4AFE-8DEE-505CC7692CE9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References