CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
98.3%
Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | vios | * | cpe:2.3:a:ibm:vios:*:*:*:*:*:*:*:* |
ibm | vios | 1.4 | cpe:2.3:a:ibm:vios:1.4:*:*:*:*:*:*:* |
ibm | vios | 1.5.0 | cpe:2.3:a:ibm:vios:1.5.0:*:*:*:*:*:*:* |
ibm | vios | 1.5.1 | cpe:2.3:a:ibm:vios:1.5.1:*:*:*:*:*:*:* |
ibm | vios | 1.5.2 | cpe:2.3:a:ibm:vios:1.5.2:*:*:*:*:*:*:* |
ibm | aix | 5 | cpe:2.3:o:ibm:aix:5:*:*:*:*:*:*:* |
ibm | aix | 5.1 | cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:* |
ibm | aix | 5.1.0.10 | cpe:2.3:o:ibm:aix:5.1.0.10:*:*:*:*:*:*:* |
ibm | aix | 5.1l | cpe:2.3:o:ibm:aix:5.1l:*:*:*:*:*:*:* |
ibm | aix | 5.2 | cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:* |
aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc
labs.idefense.com/intelligence/vulnerabilities/display.php?id=825
secunia.com/advisories/36978
securitytracker.com/id?1022996
www.ibm.com/support/docview.wss?uid=isg1IZ61628
www.ibm.com/support/docview.wss?uid=isg1IZ61717
www.ibm.com/support/docview.wss?uid=isg1IZ62123
www.ibm.com/support/docview.wss?uid=isg1IZ62237
www.ibm.com/support/docview.wss?uid=isg1IZ62569
www.ibm.com/support/docview.wss?uid=isg1IZ62570
www.ibm.com/support/docview.wss?uid=isg1IZ62571
www.ibm.com/support/docview.wss?uid=isg1IZ62572
www.ibm.com/support/docview.wss?uid=isg1IZ62672
www.osvdb.org/58726
www.securityfocus.com/bid/36615
www.vupen.com/english/advisories/2009/2846
exchange.xforce.ibmcloud.com/vulnerabilities/53681
www.immunityinc.com/downloads/immpartners/aixcmsd10092009.tar.gz