Vulnerability Details : CVE-2009-2727
Public exploit exists!
Stack-based buffer overflow in the _tt_internal_realpath function in the ToolTalk library (libtt.a) in IBM AIX 5.2.0, 5.3.0, 5.3.7 through 5.3.10, and 6.1.0 through 6.1.3, when the rpc.ttdbserver daemon is enabled in /etc/inetd.conf, allows remote attackers to execute arbitrary code via a long XDR-encoded ASCII string to remote procedure 15.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2009-2727
- cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2_l:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2.0.54:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2.0.50:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:6.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:6.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3.9:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3.7:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3.8:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-2727
- 75.37%: Probability of exploitation activity in the next 30 days
- ~ 99%: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2009-2727
- ToolTalk rpc.ttdbserverd _tt_internal_realpath Buffer Overflow (AIX)
  Disclosure Date: 2009-06-17
  First seen: 2020-04-26
  exploit/aix/rpc_ttdbserverd_realpath
  This module exploits a buffer overflow vulnerability in _tt_internal_realpath function of the ToolTalk database server (rpc.ttdbserverd).
  Authors: Ramon de C Valle <rcvalle@metasploit.com>, Adriano Lima <adriano@risesecurity.org>
CVSS scores for CVE-2009-2727
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2009-2727
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-2727
- http://risesecurity.org/advisories/RISE-2009001.txt
- http://www.ibm.com/support/docview.wss?uid=isg1IZ52849
  Vendor Advisory
- http://www.vupen.com/english/advisories/2009/1620
  Patch; Vendor Advisory
- http://www.ibm.com/support/docview.wss?uid=isg1IZ52850
  Vendor Advisory
- http://www.ibm.com/support/docview.wss?uid=isg1IZ52851
  Vendor Advisory
- http://www.ibm.com/support/docview.wss?uid=isg1IZ52848
  Vendor Advisory
- http://www.securityfocus.com/bid/35419
  Exploit
- http://www.ibm.com/support/docview.wss?uid=isg1IZ52846
  Vendor Advisory
- http://www.ibm.com/support/docview.wss?uid=isg1IZ52844
  Vendor Advisory
- http://aix.software.ibm.com/aix/efixes/security/libtt_advisory.asc
  Vendor Advisory
- http://www.ibm.com/support/docview.wss?uid=isg1IZ52842
  Vendor Advisory
- http://secunia.com/advisories/35505
  Vendor Advisory
- http://www.ibm.com/support/docview.wss?uid=isg1IZ52847
  Vendor Advisory
- http://www.ibm.com/support/docview.wss?uid=isg1IZ52843
  Vendor Advisory
- http://www.ibm.com/support/docview.wss?uid=isg1IZ52845
  Vendor Advisory