Vulnerability Description
Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM Informix Client SDK 3.0 and 3.50 and Informix Connect Runtime 3.x allow remote attackers to execute arbitrary code via a .nfx file with a crafted (1) HostSize, and possibly (2) ProtoSize and (3) ServerSize, field that triggers a stack-based buffer overflow involving a crafted HostList field. NOTE: some of these details are obtained from third party information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Informix Client Sdk | 3.0 |
| Ibm | Informix Connect Runtime | 3.0 |
Related Weaknesses (CWE)
References
- http://retrogod.altervista.org/9sg_ibm_setnet32.htmlExploit
- http://secunia.com/advisories/36949Vendor Advisory
- http://securitytracker.com/id?1022985
- http://www.osvdb.org/58530
- http://www.securityfocus.com/bid/36588
- http://www.vupen.com/english/advisories/2009/2834Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53644
- http://retrogod.altervista.org/9sg_ibm_setnet32.htmlExploit
- http://secunia.com/advisories/36949Vendor Advisory
- http://securitytracker.com/id?1022985
- http://www.osvdb.org/58530
- http://www.securityfocus.com/bid/36588
- http://www.vupen.com/english/advisories/2009/2834Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53644
FAQ
What is CVE-2009-3691?
CVE-2009-3691 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM Informix Client SDK 3.0 and 3.50 and Informix Connect Runtime 3.x allow remote attackers to execute arbitrary code via a .nfx file with a...
How severe is CVE-2009-3691?
CVE-2009-3691 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3691?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Informix Client Sdk, Ibm Informix Connect Runtime.