CVE-2009-3699
IBM VIOS < 2.1.0 - Memory Corruption
Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.
Exploits (2)
metasploit
WORKING POC
GREAT
by Rodrigo Rubira Branco (BSDaemon), jduck · ruby · poc · aix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/aix/rpc_cmsd_opcode21.rb
References (18)
Scores
EPSS
0.7889
EPSS Percentile
99.1%
Details
CWE
CWE-119
Status
published
Products (30)
ibm/aix 5
ibm/aix 5.1
ibm/aix 5.1.0.10
ibm/aix 5.1l
ibm/aix 5.2
ibm/aix 5.2.0
ibm/aix 5.2.0.50
ibm/aix 5.2.0.54
ibm/aix 5.2.2
ibm/aix 5.2_l
... and 20 more
Published
Oct 15, 2009
Tracked Since
Feb 18, 2026