CVE-2009-2753

IBM Informix Dynamic Server <11.10.TC3 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2753.

AI-analyzed exploit summary: This exploit targets a signedness error in librpc.dll, specifically in the __lgto_svcauth_unix function, leading to a stack overflow via a crafted network packet. The PoC sends a malformed payload to trigger the vulnerability, demonstrating remote code execution potential.

Description

Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allow remote attackers to execute arbitrary code via a crafted parameter size.

Exploits (1)

exploitdb · WORKING POC
dos · multiple
https://www.exploit-db.com/exploits/12109

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: IBM Informix Dynamic Server 10.0 (librpc.dll)
No auth needed
Prerequisites: Network access to target port 36890 · Vulnerable version of librpc.dll
devstral-2 · analyzed Feb 19, 2026

References (8)

Core References
Various Sources vendor-advisory x_refsource_aixapar
http://www.ibm.com/support/docview.wss?uid=swg1IC55329
Various Sources vendor-advisory x_refsource_aixapar
http://www.ibm.com/support/docview.wss?uid=swg1IC55330
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38731
Patch, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0508
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-10-022
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1023669
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/509789/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/38471

Scores

EPSS 0.1084
EPSS Percentile 95.3%

Details

CWE CWE-119
Status published
Products (28)
ibm/informix_dynamic_server 10.0
ibm/informix_dynamic_server 10.0.tc1
ibm/informix_dynamic_server 10.0.xc1
ibm/informix_dynamic_server 10.0.xc2e
ibm/informix_dynamic_server 10.0.xc3
ibm/informix_dynamic_server 10.0.xc3e
ibm/informix_dynamic_server 10.0.xc4
ibm/informix_dynamic_server 10.0.xc4e
ibm/informix_dynamic_server 10.0.xc5
ibm/informix_dynamic_server 10.0.xc5e
... and 18 more
Published Mar 05, 2010
Tracked Since Feb 18, 2026