Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-2727

Stack-based buffer overflow in the _tt_internal_realpath function in the ToolTalk library (libtt.a) in IBM AIX 5.2.0, 5.3.0, 5.3.7 through 5.3.10, and 6.1.0 through 6.1.3, when the rpc.ttdbserver daemon is enabled in /etc/inetd.conf, allows remote attackers to execute arbitrary code via a long XDR-encoded ASCII string to remote procedure 15.

Published

2009-08-10T23:30:00.327

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

8.6

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-119
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System ibm aix 5.2 Yes
Operating System ibm aix 5.2.0 Yes
Operating System ibm aix 5.2.0.50 Yes
Operating System ibm aix 5.2.0.54 Yes
Operating System ibm aix 5.2.2 Yes
Operating System ibm aix 5.2_l Yes
Operating System ibm aix 5.3 Yes
Operating System ibm aix 5.3.0 Yes
Operating System ibm aix 5.3.7 Yes
Operating System ibm aix 5.3.8 Yes
Operating System ibm aix 5.3.9 Yes
Operating System ibm aix 5.3.10 Yes
Operating System ibm aix 6.1 Yes
Operating System ibm aix 6.1.0 Yes
Operating System ibm aix 6.1.1 Yes
Operating System ibm aix 6.1.2 Yes
References