Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.
2009-10-15T10:30:01.267
2025-04-09T00:30:58.490
Deferred
CVSSv2: 10.0 (HIGH)
AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | ibm | vios | ≤ 2.1.0 | Yes |
| Application | ibm | vios | 1.4 | Yes |
| Application | ibm | vios | 1.5.0 | Yes |
| Application | ibm | vios | 1.5.1 | Yes |
| Application | ibm | vios | 1.5.2 | Yes |
| Operating System | ibm | aix | 5 | Yes |
| Operating System | ibm | aix | 5.1 | Yes |
| Operating System | ibm | aix | 5.1.0.10 | Yes |
| Operating System | ibm | aix | 5.1l | Yes |
| Operating System | ibm | aix | 5.2 | Yes |
| Operating System | ibm | aix | 5.2.0 | Yes |
| Operating System | ibm | aix | 5.2.0.50 | Yes |
| Operating System | ibm | aix | 5.2.0.54 | Yes |
| Operating System | ibm | aix | 5.2.2 | Yes |
| Operating System | ibm | aix | 5.2_l | Yes |
| Operating System | ibm | aix | 5.3 | Yes |
| Operating System | ibm | aix | 5.3 | Yes |
| Operating System | ibm | aix | 5.3.0 | Yes |
| Operating System | ibm | aix | 5.3.0.20 | Yes |
| Operating System | ibm | aix | 5.3.7 | Yes |
| Operating System | ibm | aix | 5.3.8 | Yes |
| Operating System | ibm | aix | 5.3.9 | Yes |
| Operating System | ibm | aix | 5.3.10 | Yes |
| Operating System | ibm | aix | 5.3_l | Yes |
| Operating System | ibm | aix | 5.3_ml03 | Yes |
| Operating System | ibm | aix | 5l | Yes |
| Operating System | ibm | aix | 6.1 | Yes |
| Operating System | ibm | aix | 6.1.0 | Yes |
| Operating System | ibm | aix | 6.1.1 | Yes |
| Operating System | ibm | aix | 6.1.2 | Yes |
| Operating System | ibm | aix | 6.1.3 | Yes |