CVE-2009-2727
Last modified
CVE-2009-2727 is a vulnerability of currently unknown severity. Stack-based buffer overflow in the _tt_internal_realpath function in the ToolTalk library (libtt.a) in IBM AIX 5.2.0, 5.3.0, 5.3.7 through 5.3.10, and 6.1.0 through 6.1.3, when the rpc.ttdbserver daemon is enabled in /etc/inetd.conf, allows remote attackers to execute arbitrary code via a long XDR-encoded ASCII string to remote procedure 15. EPSS estimates a 26.75% chance of exploitation in the next 30 days.
Description
Stack-based buffer overflow in the _tt_internal_realpath function in the ToolTalk library (libtt.a) in IBM AIX 5.2.0, 5.3.0, 5.3.7 through 5.3.10, and 6.1.0 through 6.1.3, when the rpc.ttdbserver daemon is enabled in /etc/inetd.conf, allows remote attackers to execute arbitrary code via a long XDR-encoded ASCII string to remote procedure 15.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| IBM | AIX | 5.2 |
| IBM | AIX | 5.2.0 |
| IBM | AIX | 5.2.0.50 |
| IBM | AIX | 5.2.0.54 |
| IBM | AIX | 5.2.2 |
| IBM | AIX | 5.2_l |
| IBM | AIX | 5.3 |
| IBM | AIX | 5.3.0 |
| IBM | AIX | 5.3.7 |
| IBM | AIX | 5.3.8 |
| IBM | AIX | 5.3.9 |
| IBM | AIX | 5.3.10 |
| IBM | AIX | 6.1 |
| IBM | AIX | 6.1.0 |
| IBM | AIX | 6.1.1 |
| IBM | AIX | 6.1.2 |
References
- http://secunia.com/advisories/35505 (Vendor Advisory)
- http://www.ibm.com/support/docview.wss?uid=isg1IZ52842 (Vendor Advisory)
- http://www.ibm.com/support/docview.wss?uid=isg1IZ52843 (Vendor Advisory)
- http://www.ibm.com/support/docview.wss?uid=isg1IZ52844 (Vendor Advisory)
- http://www.ibm.com/support/docview.wss?uid=isg1IZ52845 (Vendor Advisory)
- http://www.ibm.com/support/docview.wss?uid=isg1IZ52846 (Vendor Advisory)
- http://www.ibm.com/support/docview.wss?uid=isg1IZ52847 (Vendor Advisory)
- http://www.ibm.com/support/docview.wss?uid=isg1IZ52848 (Vendor Advisory)
- http://www.ibm.com/support/docview.wss?uid=isg1IZ52849 (Vendor Advisory)
- http://www.ibm.com/support/docview.wss?uid=isg1IZ52850 (Vendor Advisory)
- http://www.ibm.com/support/docview.wss?uid=isg1IZ52851 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2009/1620 (Patch, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2009-2727?
How severe is CVE-2009-2727?
How do I fix CVE-2009-2727?
Source: NVD / NIST
