Vulnerability CVE-2009-2727

Vulnerability Name:

CVE-2009-2727 (CCN-51207)

Assigned:

2009-06-17

Published:

2009-06-17

Updated:

2009-08-11

Summary:

Stack-based buffer overflow in the _tt_internal_realpath function in the ToolTalk library (libtt.a) in IBM AIX 5.2.0, 5.3.0, 5.3.7 through 5.3.10, and 6.1.0 through 6.1.3, when the rpc.ttdbserver daemon is enabled in /etc/inetd.conf, allows remote attackers to execute arbitrary code via a long XDR-encoded ASCII string to remote procedure 15.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-119

Vulnerability Consequences:

Gain Access

References:

Source: CONFIRM
Type: Vendor Advisory
http://aix.software.ibm.com/aix/efixes/security/libtt_advisory.asc

Source: MITRE
Type: CNA
CVE-2009-2727

Source: MISC
Type: UNKNOWN
http://risesecurity.org/advisories/RISE-2009001.txt

Source: CCN
Type: SA35505
IBM AIX ToolTalk Library Buffer Overflow Vulnerability

Source: SECUNIA
Type: Vendor Advisory
35505

Source: AIXAPAR
Type: Vendor Advisory
IZ52842

Source: AIXAPAR
Type: Vendor Advisory
IZ52843

Source: AIXAPAR
Type: Vendor Advisory
IZ52844

Source: AIXAPAR
Type: Vendor Advisory
IZ52845

Source: AIXAPAR
Type: Vendor Advisory
IZ52846

Source: AIXAPAR
Type: Vendor Advisory
IZ52847

Source: AIXAPAR
Type: Vendor Advisory
IZ52848

Source: AIXAPAR
Type: Vendor Advisory
IZ52849

Source: AIXAPAR
Type: Vendor Advisory
IZ52850

Source: AIXAPAR
Type: Vendor Advisory
IZ52851

Source: CCN
Type: OSVDB ID: 55151
IBM AIX ToolTalk Library (libtt.a) _tt_internal_realpath Function Overflow

Source: BID
Type: Exploit
35419

Source: CCN
Type: BID-35419
IBM AIX 'rpc.ttdbserver' Remote Buffer Overflow Vulnerability

Source: VUPEN
Type: Patch, Vendor Advisory
ADV-2009-1620

Source: CCN
Type: IBM Technical Bulletin
AIX libtt.a rpc.ttdbserver remote buffer overflow vulnerability

Source: XF
Type: UNKNOWN
ibm-aix-tooltalk-bo(51207)

Vulnerable Configuration:

Configuration 1:

cpe:/o:ibm:aix:5.2:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:5.2.0:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:5.2.0.50:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:5.2.0.54:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:5.2.2:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:5.2_l:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:5.3:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:5.3.0:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:5.3.7:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:5.3.8:*:*:*:*:*:*:*