Vulnerability Details : CVE-2009-3699
Public exploit exists!
Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.
Vulnerability category: Overflow, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2009-3699
Probability of exploitation activity in the next 30 days: 75.53%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 %
Metasploit modules for CVE-2009-3699
- AIX Calendar Manager Service Daemon (rpc.cmsd) Opcode 21 Buffer Overflow
  Disclosure Date: 2009-10-07
  First seen: 2020-04-26
  exploit/aix/rpc_cmsd_opcode21
  This module exploits a buffer overflow vulnerability in opcode 21 handled by rpc.cmsd on AIX. By making a request with a long string passed to the first argument of the "rtable_create" RPC, a stack based buffer overflow occurs. This leads to arbitrary code executio
CVSS scores for CVE-2009-3699
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
| 10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
CWE ids for CVE-2009-3699
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-3699
- http://www.ibm.com/support/docview.wss?uid=isg1IZ61628
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=825
  Patch
- http://www.securityfocus.com/bid/36615
  IBM AIX 'rpc.cmsd' Calendar Daemon Remote Stack Buffer Overflow Vulnerability
  Exploit; Patch
- http://www.ibm.com/support/docview.wss?uid=isg1IZ61717
- http://securitytracker.com/id?1022996
- http://www.vupen.com/english/advisories/2009/2846
  Patch; Vendor Advisory
- http://www.ibm.com/support/docview.wss?uid=isg1IZ62237
- http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc
  Vendor Advisory
- http://www.ibm.com/support/docview.wss?uid=isg1IZ62569
- http://www.ibm.com/support/docview.wss?uid=isg1IZ62672
- https://www.immunityinc.com/downloads/immpartners/aixcmsd10092009.tar.gz
- http://www.ibm.com/support/docview.wss?uid=isg1IZ62572
  Vendor Advisory
- http://www.ibm.com/support/docview.wss?uid=isg1IZ62123
- http://www.ibm.com/support/docview.wss?uid=isg1IZ62571
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53681
- http://www.ibm.com/support/docview.wss?uid=isg1IZ62570
Products affected by CVE-2009-3699
- cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.1l:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3_l:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2_l:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2.0.54:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2.0.50:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3.0.20:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3_ml03:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3:sp6:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:6.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:6.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3.9:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3.7:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3.8:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3.10:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5l:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:6.1.3:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.1.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:vios:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:vios:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:vios:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:vios:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:vios:1.4:*:*:*:*:*:*:*