Vulnerability Note VU#387387
Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) vulnerable to buffer overflow via _TT_CREATE_FILE()
The Common Desktop Environment (CDE) ToolTalk RPC database server contains a buffer overflow condition that could let an attacker execute arbitrary code or cause a denial of service on a vulnerable system. The ToolTalk RPC database server typically runs with root privileges.
A buffer overflow vulnerability has been reported in the CDE ToolTalk RPC database server (rpc.ttdbserverd). A component of CDE, the ToolTalk architecture allows applications to communicate with each other via remote procedure calls (RPC) across different hosts and platforms. The ToolTalk RPC database server manages connections between ToolTalk applications. CDE and ToolTalk are installed and enabled by default on many common UNIX platforms.
The ToolTalk RPC database server is vulnerable to a heap buffer overflow via an argument to the procedure _TT_CREATE_FILE(). As noted by the reporter, the non-executable stack feature of some operating systems may not prevent exploitation of this vulnerability if the payload can be located on the heap. An attacker with access to the ToolTalk RPC database service could exploit this vulnerability with a specially crafted RPC message.
A remote attacker could execute arbitrary code or cause a denial of service on a vulnerable system. The ToolTalk RPC database server typically runs with root privileges.
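An added example, not part of the original note: a shell check that parses `rpcinfo -p` output to tell whether a host has the ToolTalk RPC database server registered with the portmapper and is therefore reachable as described above. It assumes the service registers as ONC RPC program 100083 (its usual `/etc/rpc` entry); the function names are hypothetical and the sample output, including the port number, is constructed.

```shell
#!/bin/sh
# Added example: list portmapper registrations for the ToolTalk database server.
# Assumption: the service registers as ONC RPC program 100083 (the ttdbserverd
# entry in /etc/rpc); the name column may be empty if /etc/rpc lacks the entry,
# so the match is made on the program number first and the name second.

TTDB_PROG=100083

# Reads `rpcinfo -p` output on stdin; prints "proto/port vVERSION" once per
# distinct registration of the ToolTalk database server.
find_ttdbserverd() {
    awk -v prog="$TTDB_PROG" '
        $1 == "program" { next }      # skip the header line
        NF < 4          { next }      # skip blank or malformed lines
        $1 == prog || $5 == "ttdbserverd" || $5 == "rpc.ttdbserverd" {
            key = $3 "/" $4 " v" $2
            if (!(key in seen)) { seen[key] = 1; print key }
        }'
}

# Reads `rpcinfo -p` output on stdin; returns 0 if the service is registered,
# 1 otherwise.
ttdbserverd_registered() {
    [ -n "$(find_ttdbserverd)" ]
}

# Constructed sample of `rpcinfo -p` output, so the check runs offline.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    2   udp    111  rpcbind
    100083    1   tcp  32773  ttdbserverd
    100068    5   udp  32774  cmsd
EOF
}

# On a real host, replace sample_rpcinfo with: rpcinfo -p localhost
if sample_rpcinfo | ttdbserverd_registered; then
    echo "ToolTalk database server is registered:"
    sample_rpcinfo | find_ttdbserverd
else
    echo "ToolTalk database server is not registered."
fi
```

A registration only shows that the service is offered; whether the installed binary is a vulnerable build has to be confirmed against the vendor's patch information.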
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Caldera | Affected | 04 Jul 2002 | 20 Aug 2002 |
| Hewlett-Packard Company | Affected | 04 Jul 2002 | 09 Sep 2002 |
| IBM | Affected | 04 Jul 2002 | 13 Aug 2002 |
| Sun Microsystems Inc. | Affected | 04 Jul 2002 | 09 Aug 2002 |
| Xi Graphics | Affected | 04 Jul 2002 | 09 Aug 2002 |
| Cray Inc. | Unknown | 04 Jul 2002 | 09 Aug 2002 |
| Data General | Unknown | 04 Jul 2002 | 05 Jul 2002 |
| SGI | Unknown | 04 Jul 2002 | 09 Aug 2002 |
| The Open Group | Unknown | 04 Jul 2002 | 05 Jul 2002 |
The CERT/CC thanks Sinan Eren of the Entercept Ricochet Team for reporting this vulnerability.
This document was written by Art Manion.
- CVE IDs: CAN-2002-0679
- Date Public: 12 Aug 2002
- Date First Published: 12 Aug 2002
- Date Last Updated: 09 Sep 2002
- Severity Metric: 14.04
- Document Revision: 32