IBM Informix Dynamic Server is prone to an overflow condition. 'librpc.dll' in 'portmap.exe' fails to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted RPC packet with a crafted parameter size sent to TCP port 36890, a remote attacker can potentially execute arbitrary code.

Upgrade to version 7.31.xD11, 9.40.xC10, 10.00.xC8, 11.10.xC2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• CVE ID: 2010-4070 (see also: NVD)
• Secunia Advisory ID: 41915
• VUPEN Advisory: ADV-2010-2733
• Other Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-10-215/

• Sebastian Apelt - Zero Day Initiative (ZDI)