Published: 13/10/2009 Updated: 17/08/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM Informix Client SDK 3.0 and 3.50 and Informix Connect Runtime 3.x allow remote malicious users to execute arbitrary code via a .nfx file with a crafted (1) HostSize, and possibly (2) ProtoSize and (3) ServerSize, field that triggers a stack-based buffer overflow involving a crafted HostList field. NOTE: some of these details are obtained from third party information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm informix connect runtime 3.0
ibm informix client sdk 3.0
ibm informix client sdk 3.50

<?php /* IBM Informix Client SDK 30 SetNet32 File (nfx) Hostsize integer overflow exploit (2k3 sp0) by Nine:Situations:Group::bruiser site: retrogodaltervistaorg/ vulnerable packages: IBM Informix Client SDK 30, IBM Informix Connect Runtime 3x, possibly other products carrying the setnet32 utility User-suppli ...

CWE-189 http://www.securityfocus.com/bid/36588 http://retrogod.altervista.org/9sg_ibm_setnet32.html http://secunia.com/advisories/36949 http://www.vupen.com/english/advisories/2009/2834 http://www.osvdb.org/58530 http://securitytracker.com/id?1022985 https://exchange.xforce.ibmcloud.com/vulnerabilities/53644 https://nvd.nist.gov https://www.exploit-db.com/exploits/10070/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-3691

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect