exploit the possibilities

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 1 of 1

Files

AIX RPC.cmsd Remote Buffer Overflow

Posted Feb 3, 2010

Authored by Rodrigo Rubira Branco

AIX RPC.cmsd remote stack buffer overflow proof of concept exploit.

tags | exploit, remote, overflow, proof of concept

systems | aix

SHA-256 | 7c8e41a206c1c2240e87d6853f2c71873a26177a618a781f20802d31ab305649

Download | Favorite | View

Related Files

iDEFENSE Security Advisory 2009-10-07.1

Posted Oct 8, 2009

Authored by iDefense Labs, Rodrigo Rubira Branco | Site idefense.com

iDefense Security Advisory 10.07.09 - Remote exploitation of a stack based buffer overflow vulnerability in IBM Corp.'s AIX could allow an attacker to execute arbitrary code with the privileges of the affected service. rpc.cmsd, more commonly known as the Calendar Manager Service Daemon, is an RPC application used to manage schedules and calendars. It operates over SUN RPC. The vulnerability is triggered when handling a request for remote procedure 21. This function takes two arguments, both of which are XDR strings. When copying the first argument into a stack based buffer, the code does not properly verify its length. This results in a stack based buffer overflow vulnerability. iDefense has confirmed the existence of this vulnerability in AIX versions 5.3 and 5.2.

tags | advisory, remote, overflow, arbitrary

systems | aix

SHA-256 | e622abe9b0845daaab5cfe3b95d2641f11a23e3387e454d48596ac147be98ab7

Download | Favorite | View