github - ghsa-jc9g-5ggm-9q3r

GHSA-JC9G-5GGM-9Q3R

Vulnerability from github – Published: 2022-05-02 03:47 – Updated: 2022-05-02 03:47

Details

Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-3699"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-10-15T10:30:00Z",
    "severity": "HIGH"
  },
  "details": "Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.",
  "id": "GHSA-jc9g-5ggm-9q3r",
  "modified": "2022-05-02T03:47:45Z",
  "published": "2022-05-02T03:47:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3699"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53681"
    },
    {
      "type": "WEB",
      "url": "https://www.immunityinc.com/downloads/immpartners/aixcmsd10092009.tar.gz"
    },
    {
      "type": "WEB",
      "url": "http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc"
    },
    {
      "type": "WEB",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=825"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36978"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1022996"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ61628"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ61717"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62123"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62237"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62569"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62570"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62571"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62572"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62672"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/58726"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/36615"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/2846"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2009-3699 (GCVE-0-2009-3699)

Vulnerability from cvelistv5 – Published: 2009-10-15 10:00 – Updated: 2024-08-07 06:38

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.vupen.com/english/advisories/2009/2846	vdb-entryx_refsource_VUPEN
	http://www.ibm.com/support/docview.wss?uid=isg1IZ62237	vendor-advisoryx_refsource_AIXAPAR
	http://www.ibm.com/support/docview.wss?uid=isg1IZ62570	vendor-advisoryx_refsource_AIXAPAR
	http://www.ibm.com/support/docview.wss?uid=isg1IZ61628	vendor-advisoryx_refsource_AIXAPAR
	http://securitytracker.com/id?1022996	vdb-entryx_refsource_SECTRACK
	http://labs.idefense.com/intelligence/vulnerabili…	third-party-advisoryx_refsource_IDEFENSE
	http://aix.software.ibm.com/aix/efixes/security/c…	x_refsource_CONFIRM
	http://www.ibm.com/support/docview.wss?uid=isg1IZ62569	vendor-advisoryx_refsource_AIXAPAR
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.ibm.com/support/docview.wss?uid=isg1IZ62571	vendor-advisoryx_refsource_AIXAPAR
	http://www.ibm.com/support/docview.wss?uid=isg1IZ62123	vendor-advisoryx_refsource_AIXAPAR
	http://www.ibm.com/support/docview.wss?uid=isg1IZ62672	vendor-advisoryx_refsource_AIXAPAR
	http://www.ibm.com/support/docview.wss?uid=isg1IZ62572	vendor-advisoryx_refsource_AIXAPAR
	http://secunia.com/advisories/36978	third-party-advisoryx_refsource_SECUNIA
	http://www.ibm.com/support/docview.wss?uid=isg1IZ61717	vendor-advisoryx_refsource_AIXAPAR
	https://www.immunityinc.com/downloads/immpartners…	x_refsource_MISC
	http://www.osvdb.org/58726	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/bid/36615	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:38:30.398Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2009-2846",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2846"
          },
          {
            "name": "IZ62237",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62237"
          },
          {
            "name": "IZ62570",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62570"
          },
          {
            "name": "IZ61628",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ61628"
          },
          {
            "name": "1022996",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1022996"
          },
          {
            "name": "20091007 IBM AIX rpc.cmsd Stack Buffer Overflow Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=825"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc"
          },
          {
            "name": "IZ62569",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62569"
          },
          {
            "name": "ibm-aix-rpccmsd-bo(53681)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53681"
          },
          {
            "name": "IZ62571",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62571"
          },
          {
            "name": "IZ62123",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62123"
          },
          {
            "name": "IZ62672",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62672"
          },
          {
            "name": "IZ62572",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62572"
          },
          {
            "name": "36978",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36978"
          },
          {
            "name": "IZ61717",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ61717"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.immunityinc.com/downloads/immpartners/aixcmsd10092009.tar.gz"
          },
          {
            "name": "58726",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/58726"
          },
          {
            "name": "36615",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36615"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-10-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2009-2846",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2846"
        },
        {
          "name": "IZ62237",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62237"
        },
        {
          "name": "IZ62570",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62570"
        },
        {
          "name": "IZ61628",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ61628"
        },
        {
          "name": "1022996",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1022996"
        },
        {
          "name": "20091007 IBM AIX rpc.cmsd Stack Buffer Overflow Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=825"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc"
        },
        {
          "name": "IZ62569",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62569"
        },
        {
          "name": "ibm-aix-rpccmsd-bo(53681)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53681"
        },
        {
          "name": "IZ62571",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62571"
        },
        {
          "name": "IZ62123",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62123"
        },
        {
          "name": "IZ62672",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62672"
        },
        {
          "name": "IZ62572",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62572"
        },
        {
          "name": "36978",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36978"
        },
        {
          "name": "IZ61717",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ61717"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.immunityinc.com/downloads/immpartners/aixcmsd10092009.tar.gz"
        },
        {
          "name": "58726",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/58726"
        },
        {
          "name": "36615",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36615"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3699",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2009-2846",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2846"
            },
            {
              "name": "IZ62237",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62237"
            },
            {
              "name": "IZ62570",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62570"
            },
            {
              "name": "IZ61628",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ61628"
            },
            {
              "name": "1022996",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1022996"
            },
            {
              "name": "20091007 IBM AIX rpc.cmsd Stack Buffer Overflow Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=825"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc",
              "refsource": "CONFIRM",
              "url": "http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc"
            },
            {
              "name": "IZ62569",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62569"
            },
            {
              "name": "ibm-aix-rpccmsd-bo(53681)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53681"
            },
            {
              "name": "IZ62571",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62571"
            },
            {
              "name": "IZ62123",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62123"
            },
            {
              "name": "IZ62672",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62672"
            },
            {
              "name": "IZ62572",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62572"
            },
            {
              "name": "36978",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36978"
            },
            {
              "name": "IZ61717",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ61717"
            },
            {
              "name": "https://www.immunityinc.com/downloads/immpartners/aixcmsd10092009.tar.gz",
              "refsource": "MISC",
              "url": "https://www.immunityinc.com/downloads/immpartners/aixcmsd10092009.tar.gz"
            },
            {
              "name": "58726",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/58726"
            },
            {
              "name": "36615",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36615"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3699",
    "datePublished": "2009-10-15T10:00:00",
    "dateReserved": "2009-10-14T00:00:00",
    "dateUpdated": "2024-08-07T06:38:30.398Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-JC9G-5GGM-9Q3R

CVE-2009-3699 (GCVE-0-2009-3699)

Tags

Sightings

Nomenclature