WHO IS SIBERAS?

siberas GmbH is a consulting company specializing in security analyses and penetration tests, providing vendor-independent and competent advice on IT security.

Multiple Vendor librpc.dll Signedness Error Remote Code Execution Vulnerability

Reference ID: SSA-1004
Publication date: 01.03.2010
Severity: critical
Discovered by: Sebastian Apelt

This advisory describes a remotely exploitable vulnerability in IBM Informix and EMC Legato Networker. Both products expose an RPC endpoint through the ISM Portmapper service (portmap.exe), which runs by default on port 36890. Incoming RPC data is parsed in the library librpc.dll. This library contains a severe signedness check vulnerability that can lead to a fully controllable stack buffer overflow, allowing remote code execution as SYSTEM. No authentication is required.
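The bug class named above, shown as an added example that is not code from librpc.dll or from the advisory: a length check done on a signed integer next to a hardened bounds check. The 4-byte big-endian length prefix, the 64-byte buffer size and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 64 /* hypothetical size of a fixed stack buffer */

/* Read a 4-byte big-endian length prefix (assumed wire format). */
static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Flawed pattern: the wire length lands in a signed int, so a value with the
 * top bit set is negative and passes the upper-bound test. Returns 1 when the
 * check would let a copy proceed; the copy itself is deliberately left out. */
int flawed_check_accepts(const uint8_t *msg)
{
    int len = (int)read_be32(msg);
    return len <= FIELD_MAX; /* -1 <= 64 holds; a copy would get a huge size_t */
}

/* Hardened: keep the length unsigned and bound it by the destination size and
 * by the bytes actually received. Returns bytes copied, or -1 on rejection. */
int copy_field_checked(const uint8_t *msg, size_t msg_len,
                       uint8_t *dst, size_t dst_size)
{
    if (msg_len < 4)
        return -1;
    uint32_t len = read_be32(msg);
    if (len > dst_size || len > msg_len - 4)
        return -1;
    memcpy(dst, msg + 4, len);
    return (int)len;
}

int main(void)
{
    /* Constructed sample message: length field 0xFFFFFFFF, 4 payload bytes. */
    const uint8_t neg[8] = {0xFF, 0xFF, 0xFF, 0xFF, 'A', 'B', 'C', 'D'};
    uint8_t dst[FIELD_MAX];

    printf("signed check accepts: %d\n", flawed_check_accepts(neg));
    printf("hardened result:      %d\n",
           copy_field_checked(neg, sizeof neg, dst, sizeof dst));
    return 0;
}
```

Compiler warnings such as `-Wsign-compare` and `-Wsign-conversion` flag many instances of this pattern during code review.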

Disclosure timeline:
2008-02-07 - Vulnerability reported to vendor
2010-03-01 - Coordinated public release of advisory

References:
ZDI-10-023
CVE-2009-2754