Category:   OS (UNIX)  >   IBM AIX
Vendors:   IBM
IBM AIX Buffer Overflow in 'rpc.cmsd' Lets Remote Users Obtain Root Privileges
SecurityTracker Alert ID:  1022996
SecurityTracker URL:
CVE Reference:   CVE-2009-3699
Updated:  Oct 20 2009
Original Entry Date:  Oct 7 2009
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 5.3, 6.1; and prior versions
Description:   A vulnerability was reported in the IBM AIX calendar daemon. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted data to the calendar daemon ('rpc.cmsd') to trigger a buffer overflow in the calendar daemon library ('libcsa.a') and execute arbitrary code on the target system. The code will run with root privileges.

Rodrigo Rubira Branco and iDefense Labs reported this vulnerability.

Impact:   A remote user can execute arbitrary code on the target system with root privileges.
Solution:   The vendor has issued the following APARs (with availability date shown):

5.3.0 IZ62672 interim fix only
5.3.7 IZ61628 11/11/09 (sp10)
5.3.8 IZ62237 11/11/09 (sp8)
5.3.9 IZ61717 11/11/09 (sp5)
5.3.10 IZ62123 11/11/09 (sp2)
6.1.0 IZ62569 12/16/09 (sp11)
6.1.1 IZ62570 12/16/09 (sp7)
6.1.2 IZ62571 12/16/09 (sp6)
6.1.3 IZ62572 12/16/09 (sp3)
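
An added example, not part of this entry or of the vendor's advisory: a shell function that takes `oslevel -s` output, finds the matching row of the APAR list above, and reports whether the installed service pack is at or past the one listed. It assumes "(spN)" names the service pack that carries the fix and that a release such as 5.3.9 corresponds to technology level 5300-09; `cmsd_check` and its verdict strings are names made up for this example.

```shell
#!/bin/sh
# Added example. Table transcribed from the APAR list in this entry.
# Columns: release  APAR  service pack carrying the fix ("-" = interim fix only)
APARS='5.3.0 IZ62672 -
5.3.7 IZ61628 10
5.3.8 IZ62237 8
5.3.9 IZ61717 5
5.3.10 IZ62123 2
6.1.0 IZ62569 11
6.1.1 IZ62570 7
6.1.2 IZ62571 6
6.1.3 IZ62572 3'

# cmsd_check LEVEL
# LEVEL is `oslevel -s` output (VR00-TL-SP-build), e.g. 5300-09-03-0918.
# Prints one verdict line: fixed-in-sp | needs-apar | unlisted | unparsed.
cmsd_check() {
    case $1 in
        [0-9][0-9]00-[0-9][0-9]-[0-9][0-9]-*) ;;
        *) echo "unparsed $1"; return 0 ;;
    esac
    vr=${1%%-*}; rest=${1#*-}
    tl=${rest%%-*}; rest=${rest#*-}
    sp=${rest%%-*}
    major=${vr%???}; m=${vr#?}; minor=${m%??}
    tl=${tl#0}; sp=${sp#0}            # drop leading zero so 09 is not read as octal
    key="$major.$minor.$tl"
    row=$(printf '%s\n' "$APARS" | awk -v k="$key" '$1 == k { print $2, $3 }')
    # Releases outside the list (including "prior versions") cannot be judged here.
    [ -n "$row" ] || { echo "unlisted $key"; return 0; }
    apar=${row% *}; fixsp=${row#* }
    # Assumption: a service pack at or above the listed one contains the fix.
    if [ "$fixsp" != "-" ] && [ "$sp" -ge "$fixsp" ]; then
        echo "fixed-in-sp $key $apar"
    else
        echo "needs-apar $key $apar"
    fi
}

# On an AIX host: judge the running level, then ask instfix about the APAR.
if command -v oslevel >/dev/null 2>&1; then
    verdict=$(cmsd_check "$(oslevel -s)")
    echo "$verdict"
    case $verdict in
        needs-apar*) instfix -ik "${verdict##* }" ;;
    esac
fi
```

A `needs-apar` verdict only means the service pack predates the fix; the `instfix -ik` query that follows it reports whether the APAR itself is installed.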

The vendor's advisories are available at:

Vendor URL:
Cause:   Boundary error

Message History:   None.
