CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
98.0%
Stack-based buffer overflow in the _tt_internal_realpath function in the ToolTalk library (libtt.a) in IBM AIX 5.2.0, 5.3.0, 5.3.7 through 5.3.10, and 6.1.0 through 6.1.3, when the rpc.ttdbserver daemon is enabled in /etc/inetd.conf, allows remote attackers to execute arbitrary code via a long XDR-encoded ASCII string to remote procedure 15.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | aix | 5.2 | cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:* |
ibm | aix | 5.2.0 | cpe:2.3:o:ibm:aix:5.2.0:*:*:*:*:*:*:* |
ibm | aix | 5.2.0.50 | cpe:2.3:o:ibm:aix:5.2.0.50:*:*:*:*:*:*:* |
ibm | aix | 5.2.0.54 | cpe:2.3:o:ibm:aix:5.2.0.54:*:*:*:*:*:*:* |
ibm | aix | 5.2.2 | cpe:2.3:o:ibm:aix:5.2.2:*:*:*:*:*:*:* |
ibm | aix | 5.2_l | cpe:2.3:o:ibm:aix:5.2_l:*:*:*:*:*:*:* |
ibm | aix | 5.3 | cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:* |
ibm | aix | 5.3.0 | cpe:2.3:o:ibm:aix:5.3.0:*:*:*:*:*:*:* |
ibm | aix | 5.3.7 | cpe:2.3:o:ibm:aix:5.3.7:*:*:*:*:*:*:* |
ibm | aix | 5.3.8 | cpe:2.3:o:ibm:aix:5.3.8:*:*:*:*:*:*:* |
aix.software.ibm.com/aix/efixes/security/libtt_advisory.asc
risesecurity.org/advisories/RISE-2009001.txt
secunia.com/advisories/35505
www.ibm.com/support/docview.wss?uid=isg1IZ52842
www.ibm.com/support/docview.wss?uid=isg1IZ52843
www.ibm.com/support/docview.wss?uid=isg1IZ52844
www.ibm.com/support/docview.wss?uid=isg1IZ52845
www.ibm.com/support/docview.wss?uid=isg1IZ52846
www.ibm.com/support/docview.wss?uid=isg1IZ52847
www.ibm.com/support/docview.wss?uid=isg1IZ52848
www.ibm.com/support/docview.wss?uid=isg1IZ52849
www.ibm.com/support/docview.wss?uid=isg1IZ52850
www.ibm.com/support/docview.wss?uid=isg1IZ52851
www.securityfocus.com/bid/35419
www.vupen.com/english/advisories/2009/1620