Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-3699Improper Restriction of Operations within the Bounds of a Memory Buffer in IBM Vios

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
10.0CRITICALNVD
EPSS
78.9%
top 0.94%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
IBM ViosIBM AIX
Timeline
PublishedOct 15
Latest updateMay 2

Description

Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

NVDibm/vios2.1.0+4
NVDibm/aix25 versions+24

Patches

Patch: labs.idefense.comPatch: www.securityfocus.comPatch: www.vupen.com

🔴Vulnerability Details

2
GHSA
GHSA-jc9g-5ggm-9q3r: Stack-based buffer overflow in libcsa2022-05-02
CVEList
CVE-2009-3699: Stack-based buffer overflow in libcsa2009-10-15

💥Exploits & PoCs

1
Exploit-DB
AIX Calendar Manager Service Daemon (rpc.cmsd) Opcode 21 - Buffer Overflow (Metasploit)2010-11-11
CVE-2009-3699 — IBM Vios vulnerability | cvebase