Informix Dynamic Server librpc.dll credentials length buffer overflow

Added: 06/10/2010
CVE: CVE-2009-2753
BID: 38471
OSVDB: 62783

Background

Informix Dynamic Server is a database solution from IBM. It includes a portmapper service which listens for connections on port 36890/TCP and uses librpc.dll.

Problem

A buffer overflow vulnerability in librpc.dll allows remote attackers to execute arbitrary commands by sending a request containing an invalid credentials length parameter to the portmapper service.

Resolution

Upgrade to version 10.00.TC9, 10.00.TC10, 11.10.TC3, or 11.10.TC4 or higher.

References

http://secunia.com/advisories/38731

Limitations

Exploit works on Informix Dynamic Server 11.10.TC1 on Windows Server 2003 SP2 with security updates KB956802 and KB956572 installed and DEP disabled.

Platforms

Windows Server 2003

Back to exploit index