CyberSec.Space Logo
Back to CVE Browser

CVE-2009-2753

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0500%
EPSS Percentile12.75th
PublishedMar 5, 2010
Last ModifiedApr 29, 2026

Vulnerability Description

Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allow remote attackers to execute arbitrary code via a crafted parameter size.

Affected Platforms (CPE)

πŸ“¦
Ibm

Informix Dynamic Server

= 10.0
πŸ“¦
Ibm

Informix Dynamic Server

= 10.0.tc1
πŸ“¦
Ibm

Informix Dynamic Server

= 10.0.xc1
πŸ“¦
Ibm

Informix Dynamic Server

= 10.0.xc2e
πŸ“¦
Ibm

Informix Dynamic Server

= 10.0.xc3
πŸ“¦
Ibm

Informix Dynamic Server

= 10.0.xc3e
πŸ“¦
Ibm

Informix Dynamic Server

= 10.0.xc4
πŸ“¦
Ibm

Informix Dynamic Server

= 10.0.xc4e
πŸ“¦
Ibm

Informix Dynamic Server

= 10.0.xc5
πŸ“¦
Ibm

Informix Dynamic Server

= 10.0.xc5e
πŸ“¦
Ibm

Informix Dynamic Server

= 10.0.xc6
πŸ“¦
Ibm

Informix Dynamic Server

= 10.0.xc6e
πŸ“¦
Ibm

Informix Dynamic Server

= 10.0.xc7
πŸ“¦
Ibm

Informix Dynamic Server

= 10.0.xc7e
πŸ“¦
Ibm

Informix Dynamic Server

= 10.0.xc8
πŸ“¦
Ibm

Informix Dynamic Server

= 10.0.xc8e
πŸ“¦
Ibm

Informix Dynamic Server

= 10.0.xc9
πŸ“¦
Ibm

Informix Dynamic Server

= 10.0.xc9e
πŸ“¦
Ibm

Informix Dynamic Server

= 10.0.xc10
πŸ“¦
Ibm

Informix Dynamic Server

= 10.0.xc10e
πŸ“¦
Ibm

Informix Dynamic Server

= 11.1
πŸ“¦
Ibm

Informix Dynamic Server

= 11.10
πŸ“¦
Ibm

Informix Dynamic Server

= 11.10.xc1
πŸ“¦
Ibm

Informix Dynamic Server

= 11.10.xc1de
πŸ“¦
Ibm

Informix Dynamic Server

= 11.10.xc2
πŸ“¦
Ibm

Informix Dynamic Server

= 11.10.xc2e
πŸ“¦
Ibm

Informix Dynamic Server

= 11.10.xc3
πŸ“¦
Ibm

Informix Dynamic Server

= 11.10.xc3e

References & Advisories

πŸ”— http://secunia.com/advisories/38731
πŸ”— http://securitytracker.com/id?1023669
πŸ”— http://www.ibm.com/support/docview.wss?uid=swg1IC55329
πŸ”— http://www.ibm.com/support/docview.wss?uid=swg1IC55330
πŸ”— http://www.securityfocus.com/archive/1/509789/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/38471
πŸ”— http://www.vupen.com/english/advisories/2010/0508
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-10-022

Related Vulnerabilities

CVE-2008-094910.0

Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a m...

CVE-2009-275410.0

Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper servic...

CVE-2008-076810.0

Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used...

CVE-2010-407010.0

Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper service) in ISM before 2.20.TC1.117 in IBM Informix Dynamic ...