VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
Vulnerability Analysis Result (Revision No : 1)
CVE-2010-4070
informix_dynamic_server: Integer overflow in librpc.dll in portmap.exe (aka ...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4070

Original

Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper service) in ISM before 2.20.TC1.117 in IBM Informix Dynamic Server (IDS) 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before 10.00.xC8, and 11.10 before 11.10.xC2 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted parameter size, aka idsdb00146931, idsdb00146930, idsdb00146929, and idsdb00138308.

About This Analysis Information
Analysis Information Provider: NIST NVD
First Published: 2010-10-25
Source Information Category: Advisory, Alert
Last Updated: 2010-10-26




Affected Product Tags
cpe:/a:ibm:informix_dynamic_server:10.00
cpe:/a:ibm:informix_dynamic_server:10.00.tc3tl
cpe:/a:ibm:informix_dynamic_server:10.00.xc1
cpe:/a:ibm:informix_dynamic_server:10.00.xc10
cpe:/a:ibm:informix_dynamic_server:10.00.xc2
cpe:/a:ibm:informix_dynamic_server:10.00.xc3
cpe:/a:ibm:informix_dynamic_server:10.00.xc4
cpe:/a:ibm:informix_dynamic_server:10.00.xc5
cpe:/a:ibm:informix_dynamic_server:10.00.xc6
cpe:/a:ibm:informix_dynamic_server:10.00.xc7w1
cpe:/a:ibm:informix_dynamic_server:10.00.xc8
cpe:/a:ibm:informix_dynamic_server:10.00.xc9
cpe:/a:ibm:informix_dynamic_server:11.50
cpe:/a:ibm:informix_dynamic_server:7.31
cpe:/a:ibm:informix_dynamic_server:9.40.tc5
cpe:/a:ibm:informix_dynamic_server:9.40.uc1
cpe:/a:ibm:informix_dynamic_server:9.40.uc2
cpe:/a:ibm:informix_dynamic_server:9.40.uc3
cpe:/a:ibm:informix_dynamic_server:9.40.uc5
cpe:/a:ibm:informix_dynamic_server:9.40.xc5
cpe:/a:ibm:informix_dynamic_server:9.40.xc7
 


Vulnerability Analysis Results
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete

References
MISC http://www.zerodayinitiative.com/advisories/ZDI-10-215/
OSVDB 68706
SECUNIA 41915
VUPEN ADV-2010-2733

Vulnerability Type: Numeric Errors (CWE-189)

Copyright © 2010 JPCERT/CC All Rights Reserved.