CVE-2010-2090 - OpenCVE

The npb_protocol_error function in sna V5router64 in IBM Communications Server for Windows 6.1.3 and Communications Server for AIX (aka CSAIX or CS/AIX) in sna.rte before 6.3.1.2 allows remote attackers to cause a denial of service (daemon crash) via APPC data containing a GDSID variable with a GDS length that is too small.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Aix Communications Server
Microsoft	Windows

Configuration 1 [-]

AND

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:ibm:communications_server:6.1.3:::::::*
	cpe:2.3:a:ibm:communications_server:6.3.1.0:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:ibm:communications_server:6.1.3:::::::*
	cpe:2.3:a:ibm:communications_server:6.3.1.0:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/39909
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ68810
http://www-01.ibm.com/support/docview.wss?uid=swg1JR36026
http://www-01.ibm.com/support/docview.wss?uid=swg24013012
http://www.securityfocus.com/bid/40372
http://www.vupen.com/english/advisories/2010/1244
https://exchange.xforce.ibmcloud.com/vulnerabilities/58874

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-05-27T19:00:00

Updated: 2024-08-07T02:17:14.443Z

Reserved: 2010-05-27T00:00:00

Link: CVE-2010-2090

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-05-27T19:30:01.890

Modified: 2017-08-17T01:32:36.680

Link: CVE-2010-2090

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-03-23T00:00:00", "descriptions": [{"lang": "en", "value": "The npb_protocol_error function in sna V5router64 in IBM Communications Server for Windows 6.1.3 and Communications Server for AIX (aka CSAIX or CS/AIX) in sna.rte before 6.3.1.2 allows remote attackers to cause a denial of service (daemon crash) via APPC data containing a GDSID variable with a GDS length that is too small."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2010-1244", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1244"}, {"name": "40372", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/40372"}, {"name": "39909", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39909"}, {"name": "JR36026", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR36026"}, {"name": "IZ68810", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ68810"}, {"name": "csa-appc-dos(58874)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58874"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24013012"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2090", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The npb_protocol_error function in sna V5router64 in IBM Communications Server for Windows 6.1.3 and Communications Server for AIX (aka CSAIX or CS/AIX) in sna.rte before 6.3.1.2 allows remote attackers to cause a denial of service (daemon crash) via APPC data containing a GDSID variable with a GDS length that is too small."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2010-1244", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1244"}, {"name": "40372", "refsource": "BID", "url": "http://www.securityfocus.com/bid/40372"}, {"name": "39909", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39909"}, {"name": "JR36026", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR36026"}, {"name": "IZ68810", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ68810"}, {"name": "csa-appc-dos(58874)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58874"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg24013012", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24013012"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:17:14.443Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2010-1244", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/1244"}, {"name": "40372", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/40372"}, {"name": "39909", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39909"}, {"name": "JR36026", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR36026"}, {"name": "IZ68810", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ68810"}, {"name": "csa-appc-dos(58874)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58874"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24013012"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2090", "datePublished": "2010-05-27T19:00:00", "dateReserved": "2010-05-27T00:00:00", "dateUpdated": "2024-08-07T02:17:14.443Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:communications_server:6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "30C2778F-9F0A-4B67-8A7B-725E25E03E11", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:communications_server:6.3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "77F3AAB4-7622-42FA-8B8A-62D937727FEA", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:communications_server:6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "30C2778F-9F0A-4B67-8A7B-725E25E03E11", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:communications_server:6.3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "77F3AAB4-7622-42FA-8B8A-62D937727FEA", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The npb_protocol_error function in sna V5router64 in IBM Communications Server for Windows 6.1.3 and Communications Server for AIX (aka CSAIX or CS/AIX) in sna.rte before 6.3.1.2 allows remote attackers to cause a denial of service (daemon crash) via APPC data containing a GDSID variable with a GDS length that is too small."}, {"lang": "es", "value": "La funci\u00f3n pb_protocol_error en sna V5router64 en IBM Communications Server para Windows v6.1.3 y Communications Server para AIX (tambi\u00e9n conocido como CSAIX o CS/AIX) en sna.rte anterior a v6.3.1.2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de datos APPC que contienen una variable GDSID con un GDS con una logitud demasiado peque\u00f1a."}], "id": "CVE-2010-2090", "lastModified": "2017-08-17T01:32:36.680", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-05-27T19:30:01.890", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/39909"}, {"source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ68810"}, {"source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR36026"}, {"source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24013012"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/40372"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1244"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58874"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}