CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile: 99.3%
Added: 06/10/2010
CVE: CVE-2009-2753
BID: 38471
OSVDB: 62783
Informix Dynamic Server is a database solution from IBM. It includes a portmapper service which listens for connections on port 36890/TCP and uses librpc.dll.
A buffer overflow vulnerability in librpc.dll allows remote attackers to execute arbitrary commands by sending a request containing an invalid credentials length parameter to the portmapper service.
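The length check that this class of bug lacks, as an added example (not IBM's code and not from the original advisory). The page does not give the wire format, so this assumes the service parses standard ONC RPC call messages per RFC 5531, where a credentials body may be at most 400 bytes; the function names and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_AUTH 400u /* RFC 5531: opaque_auth body is at most 400 bytes */
enum rpc_check { RPC_OK, RPC_TRUNCATED, RPC_NOT_CALL, RPC_BAD_VERSION, RPC_AUTH_TOO_LONG };

/* Read one big-endian XDR unsigned int and advance *off; 0 means the buffer ran out. */
static int get_u32(const uint8_t *b, size_t len, size_t *off, uint32_t *out)
{
    if (len < 4 || *off > len - 4) return 0;
    *out = ((uint32_t)b[*off] << 24) | ((uint32_t)b[*off + 1] << 16) |
           ((uint32_t)b[*off + 2] << 8) | (uint32_t)b[*off + 3];
    *off += 4;
    return 1;
}

/* Validate one opaque_auth (flavor, length, body) before copying the body. */
static enum rpc_check get_auth(const uint8_t *b, size_t len, size_t *off, uint8_t dst[MAX_AUTH])
{
    uint32_t flavor, n;
    if (!get_u32(b, len, off, &flavor) || !get_u32(b, len, off, &n)) return RPC_TRUNCATED;
    if (n > MAX_AUTH) return RPC_AUTH_TOO_LONG;      /* sender-controlled length field */
    size_t padded = ((size_t)n + 3) & ~(size_t)3;    /* XDR pads opaque data to 4 bytes */
    if (padded > len - *off) return RPC_TRUNCATED;   /* claims more bytes than were received */
    memcpy(dst, b + *off, n);                        /* safe: n <= MAX_AUTH and n <= bytes left */
    *off += padded;
    return RPC_OK;
}

/* Check an RPC call header; assumes the TCP record mark was already stripped. */
enum rpc_check rpc_check_call(const uint8_t *msg, size_t len)
{
    uint8_t auth[MAX_AUTH];
    uint32_t f[6]; /* xid, msg_type, rpcvers, prog, vers, proc */
    size_t off = 0;
    for (int i = 0; i < 6; i++)
        if (!get_u32(msg, len, &off, &f[i])) return RPC_TRUNCATED;
    if (f[1] != 0) return RPC_NOT_CALL;              /* msg_type CALL = 0 */
    if (f[2] != 2) return RPC_BAD_VERSION;           /* RPC version 2 */
    enum rpc_check rc = get_auth(msg, len, &off, auth);          /* credentials */
    return rc != RPC_OK ? rc : get_auth(msg, len, &off, auth);   /* verifier */
}

int main(void)
{
    /* Constructed sample: call header whose credentials length field is 0x1000 with no body. */
    uint8_t bad[32] = {0,0,0,1, 0,0,0,0, 0,0,0,2, 0,1,0x86,0xa0, 0,0,0,2, 0,0,0,3, 0,0,0,0, 0,0,0x10,0};
    printf("%d\n", rpc_check_call(bad, sizeof bad));
    return 0;
}
```

Both checks matter: the first rejects a length above the protocol maximum, the second rejects a length that is within the maximum but larger than the data actually received.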
Upgrade to version 10.00.TC9, 10.00.TC10, 11.10.TC3, or 11.10.TC4 or higher.
<http://secunia.com/advisories/38731>
Exploit works on Informix Dynamic Server 11.10.TC1 on Windows Server 2003 SP2 with security updates KB956802 and KB956572 installed and DEP disabled.
Windows Server 2003