IBM Information for VU#595507
Common Desktop Environment (CDE) ToolTalk RPC Server rpc.ttdbserverd contains format string vulnerability
- Vendor Information Help Date Notified: 14 Aug 2001
- Statement Date:
- Date Updated: 31 Oct 2001
[from IBM Security Advisory contained in: ftp://aix.software.ibm.com/aix/efixes/security/tooltalk_efix.tar.Z]
A. Official fix
IBM is working on the following fixes which will be available soon:
- Pending assignment - the Advisory copy in the efix download package will be updated as soon as the assignment is made. Also, the CERT Vulnerability Note will be updated and we will post a note to SecurityFocus BUGTRAQ. IBM's Managed Security Service will also distribute notification of when this happens.
- APAR #IY23846
The APARs for AIX 4.3 and 5.1 will not be available until late October - November 2001.
NOTE: Fix will not be provided for versions prior to 4.3 as these are no longer supported by IBM. Affected customers are urged to upgrade to 4.3.3 at the latest maintenance level, or to 5.1.
B. How to minimize the vulnerability
None, other than disabling the CDE Tooltalk RPC database server.
EMERGENCY FIX (efix):
Temporary fixes for AIX 4.3.x and 5.1 systems are available.
The temporary fixes can be downloaded via ftp from:
The name of the efix you want to download to close this vulnerability is tooltalk_efix.tar.Z.
The efix compressed tarball contains a copy of this Advisory and another tarfile, efix_binaries.tar. This latter tarfile will untar into two subdirectories, tooltalk_rpc_aix43_efix and tooltalk_rpc_aix51_efix, for AIX 4.3 and 5.1, respectively. Each subdirectory contains a patched rpc.ttdbserver and libtt.a binary, plus an INSTALL textfile that is a synopsis of the installation instructions given below. In the same directory level with the Advisory is a detached PGP signature file for the tarfile containing the fixes, efix_binaries.tar.asc.
These temporary fixes have not been fully regression tested; thus, IBM does not warrant the fully correct functioning of the efix. Customers install the efix and operate the modified version of AIX at their own risk.
The vendor has not provided us with any further information regarding this vulnerability.
If you have feedback, comments, or additional information about this vulnerability, please send us email.