CVE - CVE-2009-3699

CVE-ID
CVE-2009-3699	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
AIXAPAR:IZ61628 URL:http://www.ibm.com/support/docview.wss?uid=isg1IZ61628 AIXAPAR:IZ61717 URL:http://www.ibm.com/support/docview.wss?uid=isg1IZ61717 AIXAPAR:IZ62123 URL:http://www.ibm.com/support/docview.wss?uid=isg1IZ62123 AIXAPAR:IZ62237 URL:http://www.ibm.com/support/docview.wss?uid=isg1IZ62237 AIXAPAR:IZ62569 URL:http://www.ibm.com/support/docview.wss?uid=isg1IZ62569 AIXAPAR:IZ62570 URL:http://www.ibm.com/support/docview.wss?uid=isg1IZ62570 AIXAPAR:IZ62571 URL:http://www.ibm.com/support/docview.wss?uid=isg1IZ62571 AIXAPAR:IZ62572 URL:http://www.ibm.com/support/docview.wss?uid=isg1IZ62572 AIXAPAR:IZ62672 URL:http://www.ibm.com/support/docview.wss?uid=isg1IZ62672 BID:36615 URL:http://www.securityfocus.com/bid/36615 CONFIRM:http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc IDEFENSE:20091007 IBM AIX rpc.cmsd Stack Buffer Overflow Vulnerability URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=825 MISC:https://www.immunityinc.com/downloads/immpartners/aixcmsd10092009.tar.gz OSVDB:58726 URL:~~http://www.osvdb.org/58726~~ (Obsolete source) SECTRACK:1022996 URL:http://securitytracker.com/id?1022996 SECUNIA:36978 URL:http://secunia.com/advisories/36978 VUPEN:ADV-2009-2846 URL:~~http://www.vupen.com/english/advisories/2009/2846~~ (Obsolete source) XF:ibm-aix-rpccmsd-bo(53681) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/53681
Assigning CNA
MITRE Corporation
Date Record Created
20091014	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20091014)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)