CVE-2009-3699

Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.

Published: Oct 15, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-3699
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
ibm / aix	5.2.0.50	5.2.0.50.x
ibm / aix	5.3.8	5.3.8.x
ibm / aix	5.3.7	5.3.7.x
ibm / aix	5.3.0.20	5.3.0.20.x
ibm / aix	5.3_l	5.3_l.x
ibm / aix	5l	5l.x
ibm / aix	6.1.3	6.1.3.x
ibm / aix	5.3.10	5.3.10.x
ibm / aix	5.3	5.3.x
ibm / aix	5	5.x
ibm / aix	6.1.0	6.1.0.x
ibm / vios	-	2.1.0.x
ibm / aix	5.2	5.2.x
ibm / aix	6.1.1	6.1.1.x
ibm / aix	5.2_l	5.2_l.x
ibm / aix	5.2.0.54	5.2.0.54.x
ibm / aix	6.1	6.1.x
ibm / aix	5.3_ml03	5.3_ml03.x
ibm / aix	5.3.9	5.3.9.x
ibm / vios	1.5.2	1.5.2.x
ibm / vios	1.4	1.4.x
ibm / aix	5.2.0	5.2.0.x
ibm / aix	5.2.2	5.2.2.x
ibm / vios	1.5.1	1.5.1.x
ibm / vios	1.5.0	1.5.0.x
ibm / aix	5.3-sp6	5.3-sp6.x
ibm / aix	5.1.0.10	5.1.0.10.x
ibm / aix	6.1.2	6.1.2.x
ibm / aix	5.1l	5.1l.x
ibm / aix	5.3.0	5.3.0.x
ibm / aix	5.1	5.1.x

Vulnerability Database

289,697

CVE-2009-3699