Integer Overflow in IBM Informix Dynamic Server's Portmapper Service
CVE-2010-4070
Currently unrated
Summary
An integer overflow vulnerability exists in the librpc.dll component of portmap.exe, part of the IBM Informix Dynamic Server (IDS). Remote attackers can exploit this issue to execute arbitrary code or cause a denial of service through carefully crafted parameter sizes. Affected versions are ISM before 2.20.TC1.117, IDS 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before 10.00.xC8, and 11.10 before 11.10.xC2. Prompt remediation is recommended for all impacted environments.
EPSS Score
8% chance of being exploited in the next 30 days.