Vulnerability CVE-2010-4070


Published: 2010-10-25   Modified: 2012-02-13

Description:
Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper service) in ISM before 2.20.TC1.117 in IBM Informix Dynamic Server (IDS) 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before 10.00.xC8, and 11.10 before 11.10.xC2 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted parameter size, aka idsdb00146931, idsdb00146930, idsdb00146929, and idsdb00138308.

Type:

CWE-189

(Numeric Errors)

Vendor: IBM
Product: Informix dynamic server 
Version:
9.40.xc7
9.40.xc5
9.40.uc5
9.40.uc3
9.40.uc2
9.40.uc1
9.40.tc5
7.31
11.50
11.10.xc1de
11.10.xc1
11.10.tb4tl
11.10
10.00.xc9
10.00.xc8
10.00.xc7w1
10.00.xc6
10.00.xc5
10.00.xc4
10.00.xc3
10.00.xc2
10.00.xc10
10.00.xc1
10.00.tc3tl
10.00

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.zerodayinitiative.com/advisories/ZDI-10-215/
http://www.vupen.com/english/advisories/2010/2733
http://www.osvdb.org/68706
http://secunia.com/advisories/41915

Related CVE
CVE-2019-4241
IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467.
CVE-2019-4235
IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417.
CVE-2019-4234
IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force...
CVE-2019-4225
IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242.
CVE-2019-4224
IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM ...
CVE-2019-4382
IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162.
CVE-2019-4377
IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive information from a stack trace that could be used in further attacks against the system. IBM X-Force ID: 162803.
CVE-2019-4158
IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574.

Copyright 2019, cxsecurity.com

 

Back to Top