github - ghsa-jc9g-5ggm-9q3r

ghsa-jc9g-5ggm-9q3r

Vulnerability from github

Published

2022-05-02 03:47

Modified

2022-05-02 03:47

Details

Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-3699"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-10-15T10:30:00Z",
    "severity": "HIGH"
  },
  "details": "Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.",
  "id": "GHSA-jc9g-5ggm-9q3r",
  "modified": "2022-05-02T03:47:45Z",
  "published": "2022-05-02T03:47:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3699"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53681"
    },
    {
      "type": "WEB",
      "url": "https://www.immunityinc.com/downloads/immpartners/aixcmsd10092009.tar.gz"
    },
    {
      "type": "WEB",
      "url": "http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc"
    },
    {
      "type": "WEB",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=825"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36978"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1022996"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ61628"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ61717"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62123"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62237"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62569"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62570"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62571"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62572"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62672"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/58726"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/36615"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/2846"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2009-3699

Vulnerability from cvelistv5

Published

2009-10-15 10:00

Modified

2024-08-07 06:38

Severity ?

Summary

References

▼	URL	Tags
	http://www.vupen.com/english/advisories/2009/2846	vdb-entry, x_refsource_VUPEN
	http://www.ibm.com/support/docview.wss?uid=isg1IZ62237	vendor-advisory, x_refsource_AIXAPAR
	http://www.ibm.com/support/docview.wss?uid=isg1IZ62570	vendor-advisory, x_refsource_AIXAPAR
	http://www.ibm.com/support/docview.wss?uid=isg1IZ61628	vendor-advisory, x_refsource_AIXAPAR
	http://securitytracker.com/id?1022996	vdb-entry, x_refsource_SECTRACK
	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=825	third-party-advisory, x_refsource_IDEFENSE
	http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc	x_refsource_CONFIRM
	http://www.ibm.com/support/docview.wss?uid=isg1IZ62569	vendor-advisory, x_refsource_AIXAPAR
	https://exchange.xforce.ibmcloud.com/vulnerabilities/53681	vdb-entry, x_refsource_XF
	http://www.ibm.com/support/docview.wss?uid=isg1IZ62571	vendor-advisory, x_refsource_AIXAPAR
	http://www.ibm.com/support/docview.wss?uid=isg1IZ62123	vendor-advisory, x_refsource_AIXAPAR
	http://www.ibm.com/support/docview.wss?uid=isg1IZ62672	vendor-advisory, x_refsource_AIXAPAR
	http://www.ibm.com/support/docview.wss?uid=isg1IZ62572	vendor-advisory, x_refsource_AIXAPAR
	http://secunia.com/advisories/36978	third-party-advisory, x_refsource_SECUNIA
	http://www.ibm.com/support/docview.wss?uid=isg1IZ61717	vendor-advisory, x_refsource_AIXAPAR
	https://www.immunityinc.com/downloads/immpartners/aixcmsd10092009.tar.gz	x_refsource_MISC
	http://www.osvdb.org/58726	vdb-entry, x_refsource_OSVDB
	http://www.securityfocus.com/bid/36615	vdb-entry, x_refsource_BID

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:38:30.398Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2009-2846",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2846"
          },
          {
            "name": "IZ62237",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62237"
          },
          {
            "name": "IZ62570",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62570"
          },
          {
            "name": "IZ61628",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ61628"
          },
          {
            "name": "1022996",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1022996"
          },
          {
            "name": "20091007 IBM AIX rpc.cmsd Stack Buffer Overflow Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=825"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc"
          },
          {
            "name": "IZ62569",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62569"
          },
          {
            "name": "ibm-aix-rpccmsd-bo(53681)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53681"
          },
          {
            "name": "IZ62571",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62571"
          },
          {
            "name": "IZ62123",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62123"
          },
          {
            "name": "IZ62672",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62672"
          },
          {
            "name": "IZ62572",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62572"
          },
          {
            "name": "36978",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36978"
          },
          {
            "name": "IZ61717",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ61717"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.immunityinc.com/downloads/immpartners/aixcmsd10092009.tar.gz"
          },
          {
            "name": "58726",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/58726"
          },
          {
            "name": "36615",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36615"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-10-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2009-2846",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2846"
        },
        {
          "name": "IZ62237",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62237"
        },
        {
          "name": "IZ62570",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62570"
        },
        {
          "name": "IZ61628",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ61628"
        },
        {
          "name": "1022996",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1022996"
        },
        {
          "name": "20091007 IBM AIX rpc.cmsd Stack Buffer Overflow Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=825"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc"
        },
        {
          "name": "IZ62569",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62569"
        },
        {
          "name": "ibm-aix-rpccmsd-bo(53681)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53681"
        },
        {
          "name": "IZ62571",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62571"
        },
        {
          "name": "IZ62123",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62123"
        },
        {
          "name": "IZ62672",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62672"
        },
        {
          "name": "IZ62572",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62572"
        },
        {
          "name": "36978",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36978"
        },
        {
          "name": "IZ61717",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ61717"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.immunityinc.com/downloads/immpartners/aixcmsd10092009.tar.gz"
        },
        {
          "name": "58726",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/58726"
        },
        {
          "name": "36615",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36615"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3699",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2009-2846",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2846"
            },
            {
              "name": "IZ62237",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62237"
            },
            {
              "name": "IZ62570",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62570"
            },
            {
              "name": "IZ61628",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ61628"
            },
            {
              "name": "1022996",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1022996"
            },
            {
              "name": "20091007 IBM AIX rpc.cmsd Stack Buffer Overflow Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=825"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc",
              "refsource": "CONFIRM",
              "url": "http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc"
            },
            {
              "name": "IZ62569",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62569"
            },
            {
              "name": "ibm-aix-rpccmsd-bo(53681)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53681"
            },
            {
              "name": "IZ62571",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62571"
            },
            {
              "name": "IZ62123",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62123"
            },
            {
              "name": "IZ62672",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62672"
            },
            {
              "name": "IZ62572",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62572"
            },
            {
              "name": "36978",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36978"
            },
            {
              "name": "IZ61717",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ61717"
            },
            {
              "name": "https://www.immunityinc.com/downloads/immpartners/aixcmsd10092009.tar.gz",
              "refsource": "MISC",
              "url": "https://www.immunityinc.com/downloads/immpartners/aixcmsd10092009.tar.gz"
            },
            {
              "name": "58726",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/58726"
            },
            {
              "name": "36615",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36615"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3699",
    "datePublished": "2009-10-15T10:00:00",
    "dateReserved": "2009-10-14T00:00:00",
    "dateUpdated": "2024-08-07T06:38:30.398Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted