CVE-2010-4070

Severity

99%

Complexity

99%

Confidentiality

165%

Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper service) in ISM before 2.20.TC1.117 in IBM Informix Dynamic Server (IDS) 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before 10.00.xC8, and 11.10 before 11.10.xC2 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted parameter size, aka idsdb00146931, idsdb00146930, idsdb00146929, and idsdb00138308.

Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper service) in ISM before 2.20.TC1.117 in IBM Informix Dynamic Server (IDS) 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before 10.00.xC8, and 11.10 before 11.10.xC2 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted parameter size, aka idsdb00146931, idsdb00146930, idsdb00146929, and idsdb00138308.

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

Type

IBM Informix

First reported 14 years ago

2010-10-25 20:01:00

Last updated 14 years ago

2010-10-27 04:00:00

Affected Software

IBM Informix IDS 7.31

7.31

IBM Informix IDS 9.40.TC5

9.40.tc5

IBM Informix IDS 9.40.UC1

9.40.uc1

IBM Informix IDS 9.40.UC2

9.40.uc2

IBM Informix IDS 9.40.UC3

9.40.uc3

IBM Informix IDS 9.40.UC5

9.40.uc5

IBM Informix IDS 9.40.xC5

9.40.xc5

IBM Informix IDS 9.40.xC7

9.40.xc7

IBM Informix Dynamic Server 10.00

10.00

IBM Informix Dynamic Server 10.00.TC3TL

10.00.tc3tl

IBM Informix Dynamic Server 10.00.xC4

10.00.xc4

IBM Informix Dynamic Server 10.00.xC5

10.00.xc5

IBM Informix Dynamic Server 10.00.xC6

10.00.xc6

IBM Informix Dynamic Server 10.00.xC8

10.00.xc8

IBM Informix Dynamic Server 10.00.xC9

10.00.xc9

IBM Informix Dynamic Server 10.00.xC10

10.00.xc10

IBM Informix Dynamic Server 11.10

11.10

IBM Informix Dynamic Server 11.10.TB4TL

11.10.tb4tl

IBM Informix Dynamic Server 11.10.xC1

11.10.xc1

References

41915

Vendor Advisory

68706

ADV-2010-2733

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-10-215/

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.