Vulnerability CVE-2010-4070
Published: 2010-10-25   Modified: 2012-02-13

Description:
Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper service) in ISM before 2.20.TC1.117 in IBM Informix Dynamic Server (IDS) 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before 10.00.xC8, and 11.10 before 11.10.xC2 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted parameter size, aka idsdb00146931, idsdb00146930, idsdb00146929, and idsdb00138308.

Type:

CWE-189

 (Numeric Errors)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
IBM -> Informix dynamic server 

 References:
http://www.zerodayinitiative.com/advisories/ZDI-10-215/
http://www.vupen.com/english/advisories/2010/2733
http://www.osvdb.org/68706
http://secunia.com/advisories/41915
Copyright 2024, cxsecurity.com

 

Back to Top