Unrated severityNVD Advisory· Published Oct 15, 2009· Updated Apr 23, 2026

CVE-2009-3699

Description

Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.

Affected products

IBM/Vios5 versions
cpe:2.3:a:ibm:vios:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:ibm:vios:*:*:*:*:*:*:*:*range: <=2.1.0
- cpe:2.3:a:ibm:vios:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:vios:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:vios:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:vios:1.5.2:*:*:*:*:*:*:*
IBM/Aix26 versions
cpe:2.3:o:ibm:aix:5:*:*:*:*:*:*:*+ 25 more
- cpe:2.3:o:ibm:aix:5:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.1.0.10:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.1l:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2.0.50:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2.0.54:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2_l:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3.0.20:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3.10:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3.7:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3.8:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3.9:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3_l:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3_ml03:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3:sp6:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5l:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:6.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:6.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:6.1.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

labs.idefense.com/intelligence/vulnerabilities/display.phpnvdPatch
www.vupen.com/english/advisories/2009/2846nvdPatchVendor Advisory
www.securityfocus.com/bid/36615nvdExploitPatch
aix.software.ibm.com/aix/efixes/security/cmsd_advisory.ascnvdVendor Advisory
secunia.com/advisories/36978nvdVendor Advisory
www.ibm.com/support/docview.wssnvdVendor Advisory
securitytracker.com/idnvd
www.ibm.com/support/docview.wssnvd
www.ibm.com/support/docview.wssnvd
www.ibm.com/support/docview.wssnvd
www.ibm.com/support/docview.wssnvd
www.ibm.com/support/docview.wssnvd
www.ibm.com/support/docview.wssnvd
www.ibm.com/support/docview.wssnvd
www.ibm.com/support/docview.wssnvd
www.osvdb.org/58726nvd
exchange.xforce.ibmcloud.com/vulnerabilities/53681nvd
www.immunityinc.com/downloads/immpartners/aixcmsd10092009.tar.gznvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.063
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000