Trend Micro Security

Multiple Vendors librpc.dll Stack Buffer Overflow

2011年2月15日
  危険度: : 緊急
  CVE識別番号: CVE-2009-2754

  概要

 Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow.

  トレンドマイクロの対策

Trend Micro Deep Security shields networks through Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities. Please refer to the filter number and filter name when applying appropriate DPI and/or IDF rules.

  対応方法

  Trend Micro Deep Security DPI Rule Number: 1004027
  Trend Micro Deep Security DPI Rule Name: 1004027 - Multiple Vendors librpc.dll Stack Buffer Overflow

  影響を受けるソフトウェア

  • emc legato_networker
  • ibm informix_dynamic_server 10.0
  • ibm informix_dynamic_server 10.0.tc1
  • ibm informix_dynamic_server 10.0.xc1
  • ibm informix_dynamic_server 10.0.xc10
  • ibm informix_dynamic_server 10.0.xc10e
  • ibm informix_dynamic_server 10.0.xc2e
  • ibm informix_dynamic_server 10.0.xc3
  • ibm informix_dynamic_server 10.0.xc3e
  • ibm informix_dynamic_server 10.0.xc4
  • ibm informix_dynamic_server 10.0.xc4e
  • ibm informix_dynamic_server 10.0.xc5
  • ibm informix_dynamic_server 10.0.xc5e
  • ibm informix_dynamic_server 10.0.xc6
  • ibm informix_dynamic_server 10.0.xc6e
  • ibm informix_dynamic_server 10.0.xc7
  • ibm informix_dynamic_server 10.0.xc7e
  • ibm informix_dynamic_server 10.0.xc8
  • ibm informix_dynamic_server 10.0.xc8e
  • ibm informix_dynamic_server 10.0.xc9
  • ibm informix_dynamic_server 10.0.xc9e
  • ibm informix_dynamic_server 11.1
  • ibm informix_dynamic_server 11.10
  • ibm informix_dynamic_server 11.10.xc1
  • ibm informix_dynamic_server 11.10.xc1de
  • ibm informix_dynamic_server 11.10.xc2
  • ibm informix_dynamic_server 11.10.xc2e
  • ibm informix_dynamic_server 11.10.xc3
  • ibm informix_dynamic_server 11.10.xc3e