Signature Detail

APP: Informix Dynamic Server Lib RPC

This signature detects attempts to exploit a known vulnerability in the IBM Informix Dynamic Server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Extended Description

The 'librpc.dll' RPC protocol parsing library is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary-checks on user-supplied data. Successfully exploiting this issue will allow attackers to execute arbitrary code with SYSTEM-level privileges. Failed exploit attempts will result in a denial-of-service condition. The following products are vulnerable: IBM Informix IDS EMC Legato Networker

Affected Products

• EMC Legato Networker 6.0.0 x
• EMC Legato Networker 7.0.0
• EMC Legato Networker 7.1.3
• EMC Legato Networker 7.2.0
• EMC Legato Networker 7.2.0 build 172
• EMC Legato Networker 7.2.1
• EMC Legato Networker 7.3.2
• IBM Informix IDS 10.0
• IBM Informix IDS 10.00.Xc11
• IBM Informix IDS 10.00.xC7W1
• IBM Informix IDS 10.00.xC8
• IBM Informix IDS 10.0 xC3
• IBM Informix IDS 10.0.xC4
• IBM Informix IDS 11.10
• IBM Informix IDS 11.10.xC2
• IBM Informix IDS 11.10.Xc4
• IBM Informix IDS 7.3
• IBM Informix IDS 7.31 .xD8
• IBM Informix IDS 7.31 .xD9
• IBM Informix IDS 9.3.0
• IBM Informix IDS 9.4
• IBM Informix IDS 9.40
• IBM Informix IDS 9.40.0 .UC1
• IBM Informix IDS 9.40.0 .UC2
• IBM Informix IDS 9.40.0 .UC3
• IBM Informix IDS 9.40.TC5
• IBM Informix IDS 9.40.UC5
• IBM Informix IDS 9.40.xD8

References

• BugTraq: 38472
• CVE: CVE-2009-2754
• URL: http://www.ibm.com/support/docview.wss?uid=swg1IC55330
• URL: http://www.ibm.com/support/docview.wss?uid=swg1IC55329