Vulnerability Details : CVE-2009-3699
Public exploit exists!
Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2009-3699
- cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.1l:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3_l:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2_l:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2.0.54:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2.0.50:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3.0.20:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3_ml03:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3:sp6:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:6.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:6.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3.9:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3.7:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3.8:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3.10:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5l:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:6.1.3:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.1.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:vios:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:vios:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:vios:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:vios:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:vios:1.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-3699
- 73.42%: Probability of exploitation activity in the next 30 days
- ~ 98%: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2009-3699
- AIX Calendar Manager Service Daemon (rpc.cmsd) Opcode 21 Buffer Overflow
  Disclosure Date: 2009-10-07
  First seen: 2020-04-26
  exploit/aix/rpc_cmsd_opcode21
  This module exploits a buffer overflow vulnerability in opcode 21 handled by rpc.cmsd on AIX. By making a request with a long string passed to the first argument of the "rtable_create" RPC, a stack based buffer overflow occurs. This leads to arbitrary code executio
CVSS scores for CVE-2009-3699
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
CWE ids for CVE-2009-3699
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-3699
- http://www.ibm.com/support/docview.wss?uid=isg1IZ61628
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=825
  Patch
- http://www.securityfocus.com/bid/36615
  IBM AIX 'rpc.cmsd' Calendar Daemon Remote Stack Buffer Overflow Vulnerability
  Exploit; Patch
- http://www.ibm.com/support/docview.wss?uid=isg1IZ61717
- http://securitytracker.com/id?1022996
- http://www.vupen.com/english/advisories/2009/2846
  Patch; Vendor Advisory
- http://www.ibm.com/support/docview.wss?uid=isg1IZ62237
- http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc
  Vendor Advisory
- http://www.ibm.com/support/docview.wss?uid=isg1IZ62569
- http://www.ibm.com/support/docview.wss?uid=isg1IZ62672
- https://www.immunityinc.com/downloads/immpartners/aixcmsd10092009.tar.gz
- http://www.ibm.com/support/docview.wss?uid=isg1IZ62572
  Vendor Advisory
- http://www.ibm.com/support/docview.wss?uid=isg1IZ62123
- http://www.ibm.com/support/docview.wss?uid=isg1IZ62571
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53681
- http://www.ibm.com/support/docview.wss?uid=isg1IZ62570