| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 10.0 | $0-$5k | 0.00 |
A vulnerability classified as very critical was found in IBM AIX (Operating System). Affected by this vulnerability is some unknown processing of the file rpc.cmsd. The manipulation of the argument first with an unknown input leads to a memory corruption vulnerability. The CWE definition for the vulnerability is CWE-119. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.
The issue has been introduced in 05/04/2001. The weakness was published 10/07/2009 by Rodrigo Rubira Branco (iDefense) with iDEFENSE Labs (Website). It is possible to read the advisory at vupen.com. This vulnerability is known as CVE-2009-3699 since 10/14/2009. The exploitation appears to be easy. The attack can be launched remotely. The exploitation doesn’t need any form of authentication. Technical details and also a public exploit are known. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 08/24/2021). It is expected to see the exploit prices for this product decreasing in the near future.
A public exploit has been developed in ANSI C and been published 5 months after the advisory. It is declared as highly functional. It is possible to download the exploit at securityfocus.com. The vulnerability was handled as a non-public zero-day exploit for at least 3078 days. During that time the estimated underground price was around $25k-$100k. The vulnerability scanner Nessus provides a plugin with the ID 64350 (AIX 6.1 TL 1 : cmsd (IZ62570)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family AIX Local Security Checks.
A possible mitigation has been published immediately after the disclosure of the vulnerability. Attack attempts may be identified with Snort ID 1907. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 9753.
The vulnerability is also documented in the databases at X-Force (53681), Vulnerability Center (SBV-23643) and Tenable (64350).
Type
Vendor
Name
VulDB Meta Base Score: 10.0
VulDB Meta Temp Score: 10.0
VulDB Base Score: 10.0
VulDB Temp Score: 10.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Class: Memory corruption
CWE: CWE-119
ATT&CK: Unknown
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Highly functional
Programming Language: 🔍
Download: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Nessus ID: 64350
Nessus Name: AIX 6.1 TL 1 : cmsd (IZ62570)
Nessus File: 🔍
Nessus Family: 🔍
Nessus Port: 🔍
MetaSploit ID: rpc_cmsd_opcode21.rb
MetaSploit Name: AIX Calendar Manager Service Daemon (rpc.cmsd) Opcode 21 Buffer Overflow
MetaSploit File: 🔍
Threat Intelligence
Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍Recommended: no mitigation known
Status: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Exploit Delay Time: 🔍
Snort ID: 1907
Snort Message: PROTOCOL-RPC CMSD UDP CMSD_CREATE buffer overflow attempt
Snort Class: 🔍
TippingPoint: 🔍
SourceFire IPS: 🔍
PaloAlto IPS: 🔍
Fortigate IPS: 🔍
05/04/2001 🔍
10/07/2009 🔍
10/07/2009 🔍
10/07/2009 🔍
10/07/2009 🔍
10/08/2009 🔍
10/10/2009 🔍
10/14/2009 🔍
10/15/2009 🔍
01/28/2010 🔍
01/30/2013 🔍
03/18/2015 🔍
08/24/2021 🔍Vendor: https://www.ibm.com/
Advisory: vupen.com
Researcher: Rodrigo Rubira Branco (iDefense)
Organization: iDEFENSE Labs
Status: Not defined
Confirmation: 🔍
CVE: CVE-2009-3699 (🔍)
X-Force: 53681
Vulnerability Center: 23643 – IBM AIX x27rpc.cmsdx27 Calendar Daemon Remote Arbitrary Code Execution and DoS Vulnerability, High
SecurityFocus: 36615 – IBM AIX ‘rpc.cmsd’ Calendar Daemon Remote Stack Buffer Overflow Vulnerability
OSVDB: 58726 – IBM AIX libcsa.a Calendar Manager Service Daemon (rpc.cmsd) Remote Procedure 21 Overflow
scip Labs: https://www.scip.ch/en/?labs.20161013
Created: 03/18/2015 15:15
Updated: 08/24/2021 00:45
Changes: (3) source_cve_assigned advisory_confirm_url vulnerability_cvss2_nvd_basescore
Complete: 🔍
Download it now for free!
