siberas GmbH is a consulting company specializing in security analyses and penetration tests that advises you on IT security competently and independently of any vendor.
Multiple Vendor librpc.dll Signedness Error Remote Code Execution Vulnerability
Reference ID: SSA-1004
This advisory describes a remotely exploitable vulnerability in IBM Informix and EMC Legato Networker. Both products expose an RPC endpoint through the ISM Portmapper service (portmap.exe), which runs by default on port 36890. Incoming RPC data is parsed in the library librpc.dll. This library contains a severe signedness check vulnerability which can lead to a fully controllable stack buffer overflow, allowing remote code execution as SYSTEM. Authentication is not necessary.
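The bug class named above, shown as an added example for code reviewers; this is not code from librpc.dll or from either vendor. The 4-byte big-endian length prefix, the 64-byte buffer and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 64 /* constructed buffer size, not taken from librpc.dll */

/* Decode a 4-byte big-endian length as it arrives on the wire. */
static uint32_t read_be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Flawed check: the length is stored in a signed 32-bit integer, so on
 * common two's-complement platforms a wire value of 0x80000000 or above
 * becomes negative and passes the upper-bound test. Returns 1 if the check
 * would let a copy proceed. No copy is performed in this function. */
int flawed_check_accepts(const unsigned char *msg) {
    int32_t len = (int32_t)read_be32(msg);
    if (len > FIELD_MAX)
        return 0;
    return 1; /* a later memcpy(dst, src, len) would see len as a huge size_t */
}

/* Hardened parser: keep the length unsigned and bound it by both the
 * destination size and the bytes actually received before copying.
 * Returns the number of bytes copied, or -1 if the message is rejected. */
int parse_field(const unsigned char *msg, size_t msg_len,
                unsigned char *dst, size_t dst_len) {
    if (msg_len < 4)
        return -1;
    uint32_t len = read_be32(msg);
    if (len > dst_len || len > msg_len - 4)
        return -1;
    memcpy(dst, msg + 4, len);
    return (int)len;
}

int main(void) {
    /* Constructed sample message: length field 0xFFFFFFF0, 4 payload bytes. */
    const unsigned char neg[8] = {0xFF, 0xFF, 0xFF, 0xF0, 'A', 'A', 'A', 'A'};
    unsigned char dst[FIELD_MAX];
    printf("flawed check accepts: %d\n", flawed_check_accepts(neg));
    printf("hardened parser returns: %d\n",
           parse_field(neg, sizeof neg, dst, sizeof dst));
    return 0;
}
```

When reviewing parsers of this kind, look for length fields declared as signed types that are tested only against an upper bound and then passed to a copy routine taking a size_t.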
Disclosure timeline:
2008-02-07 - Vulnerability reported to vendor
2010-03-01 - Coordinated public release of advisory
References:
ZDI-10-023
CVE-2009-2754