CVE-2009-2727

IBM AIX <6.1.3 - Buffer Overflow

Title source: llm

Description

Stack-based buffer overflow in the _tt_internal_realpath function in the ToolTalk library (libtt.a) in IBM AIX 5.2.0, 5.3.0, 5.3.7 through 5.3.10, and 6.1.0 through 6.1.3, when the rpc.ttdbserver daemon is enabled in /etc/inetd.conf, allows remote attackers to execute arbitrary code via a long XDR-encoded ASCII string to remote procedure 15.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremoteaix

https://www.exploit-db.com/exploits/16930

View Code ZIP pw:eip

metasploit WORKING POC GREAT

by Ramon de C Valle · rubypocaix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/aix/rpc_ttdbserverd_realpath.rb

View Code ZIP pw:eip

References (15)

[Vendor Advisory] http://aix.software.ibm.com/aix/efixes/security/libtt_advisory.asc

[Various Sources] http://risesecurity.org/advisories/RISE-2009001.txt

[Vendor Advisory] http://secunia.com/advisories/35505

[Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=isg1IZ52842

[Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=isg1IZ52843

[Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=isg1IZ52844

[Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=isg1IZ52845

[Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=isg1IZ52846

[Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=isg1IZ52847

[Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=isg1IZ52848

[Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=isg1IZ52849

[Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=isg1IZ52850

[Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=isg1IZ52851

[Exploit] http://www.securityfocus.com/bid/35419

[Patch, Vendor Advisory] http://www.vupen.com/english/advisories/2009/1620

Scores

EPSS 0.7763

EPSS Percentile 99.0%

Details

CWE

CWE-119

Status published

Products (16)

ibm/aix 5.2

ibm/aix 5.2.0

ibm/aix 5.2.0.50

ibm/aix 5.2.0.54

ibm/aix 5.2.2

ibm/aix 5.2_l

ibm/aix 5.3

ibm/aix 5.3.0

ibm/aix 5.3.7

ibm/aix 5.3.8

... and 6 more

Published Aug 10, 2009

Tracked Since Feb 18, 2026