What is CVE-2009-3699?

CVE-2009-3699 is a vulnerability in N/a. Published 2009-10-15.

Is CVE-2009-3699 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2009-3699

Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first a…

EPSS: 0.785 (99.1th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

ADV-2009-2846 (vdb-entry, x_refsource_VUPEN)
IZ62237 (vendor-advisory, x_refsource_AIXAPAR)
IZ62570 (vendor-advisory, x_refsource_AIXAPAR)
IZ61628 (vendor-advisory, x_refsource_AIXAPAR)
1022996 (vdb-entry, x_refsource_SECTRACK)
20091007 IBM AIX rpc.cmsd Stack Buffer Overflow Vulnerability (x_refsource_IDEFENSE, third-party-advisory)
aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc (x_refsource_CONFIRM)
IZ62569 (vendor-advisory, x_refsource_AIXAPAR)
ibm-aix-rpccmsd-bo(53681) (vdb-entry, x_refsource_XF)
IZ62571 (vendor-advisory, x_refsource_AIXAPAR)

Frequently asked questions

What is CVE-2009-3699?: CVE-2009-3699 is a vulnerability in N/a. Published 2009-10-15.
Is CVE-2009-3699 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.