Check Point Reference: | CPAI-2010-122 |
Date Published: | 23 Apr 2010 |
Severity: | Critical |
Last Updated: | Friday 01 January, 2010 |
Source: | Secunia Advisory: SA38731 |
Industry Reference: | |
Protection Provided by: | |
Who is Vulnerable? | IBM Informix Dynamic Server prior to 10.00.TC9; IBM Informix Dynamic Server prior to 11.10.TC3 |
Vulnerability Description | Multiple buffer overflow vulnerabilities have been reported in IBM's Informix Dynamic Server. The vulnerabilities are due to insufficient validation of user input during authentication by the RPC protocol parsing library, librpc.dll. This library is used by the Portmapper service (portmap.exe), which runs on port TCP/36890. A remote attacker could exploit the vulnerability by sending malicious RPC packets to the target server, potentially leading to remote code execution on the target system. |
Vulnerability Status | |
Update/Patch Available | The vendor, IBM, has released an advisory addressing this vulnerability: |
Vulnerability Details | Informix is a family of relational database management system (RDBMS) products by IBM, positioned as IBM's flagship data server for online transaction processing. The vulnerabilities exist in the RPC library of the IBM Informix port mapper module, librpc.dll. Successful exploitation of the vulnerabilities allows execution of arbitrary code. |
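
A defender-side check for the class of input described above, as an added example that is not Check Point's or IBM's code: it flags RPC call messages whose authentication length fields exceed the protocol limit or the bytes actually present. It assumes the port mapper speaks standard ONC RPC (RFC 5531) over TCP with record marking, which the advisory does not state, and the advisory does not name the affected field; `check_rpc_call` and `build_call` are hypothetical names and the sample messages are constructed.

```python
import struct

MAX_AUTH_BYTES = 400  # RFC 5531: an opaque_auth body is at most 400 bytes

def check_rpc_call(record: bytes) -> list[str]:
    """Validate the auth fields of one complete, record-marked ONC RPC message."""
    if len(record) < 4:
        return ["truncated record mark"]
    frag_len = struct.unpack(">I", record[:4])[0] & 0x7FFFFFFF
    body = record[4:]
    findings = []
    if frag_len != len(body):
        findings.append(f"fragment length {frag_len} != {len(body)} bytes present")
    if len(body) < 24:  # xid, msg_type, rpcvers, prog, vers, proc
        return findings + ["truncated call header"]
    msg_type = struct.unpack(">I", body[4:8])[0]
    if msg_type != 0:   # only CALL messages carry credential + verifier here
        return findings
    off = 24
    for name in ("credential", "verifier"):
        if len(body) - off < 8:
            return findings + [f"truncated {name} header"]
        _flavor, length = struct.unpack(">II", body[off:off + 8])
        off += 8
        if length > MAX_AUTH_BYTES:
            findings.append(f"{name} length {length} exceeds {MAX_AUTH_BYTES}")
        padded = (length + 3) & ~3  # XDR pads opaque data to 4 bytes
        if padded > len(body) - off:
            return findings + [f"{name} length {length} overruns record"]
        off += padded
    return findings

def build_call(cred_len: int, cred_body: bytes) -> bytes:
    """Constructed sample: a portmapper NULL call with a chosen credential."""
    hdr = struct.pack(">6I", 0x1234, 0, 2, 100000, 2, 0)
    cred = struct.pack(">II", 1, cred_len) + cred_body
    verf = struct.pack(">II", 0, 0)
    body = hdr + cred + verf
    return struct.pack(">I", 0x80000000 | len(body)) + body

if __name__ == "__main__":
    for sample in (build_call(8, b"\x00" * 8), build_call(4096, b"\x00" * 4096)):
        print(check_rpc_call(sample) or "ok")
```

The same bounds can be enforced at a proxy or IDS in front of TCP/36890 until the vendor fix is applied.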