IBM Information for VU#595507

Common Desktop Environment (CDE) ToolTalk RPC Server rpc.ttdbserverd contains format string vulnerability

Status

Affected

Vendor Statement

[from IBM Security Advisory contained in: ftp://aix.software.ibm.com/aix/efixes/security/tooltalk_efix.tar.Z]

A. Official fix

IBM is working on the following fixes which will be available soon:

AIX 4.3:

    Pending assignment - the Advisory copy in the efix download package will be updated as soon as the assignment is made. Also, the CERT Vulnerability Note will be updated and we will post a note to SecurityFocus BUGTRAQ. IBM's Managed Security Service will also distribute notification of when this happens.

AIX 5.1:

    APAR #IY23846

The APARs for AIX 4.3 and 5.1 will not be available until late October - November 2001.

NOTE: Fix will not be provided for versions prior to 4.3 as these are no longer supported by IBM. Affected customers are urged to upgrade to 4.3.3 at the latest maintenance level, or to 5.1.

B. How to minimize the vulnerability

WORKAROUND

None, other than disabling the CDE Tooltalk RPC database server.
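An added example (not from the IBM advisory) of how an administrator can check whether the ToolTalk database server is exposed and produce an inetd.conf with its entry disabled, which is the workaround above. It assumes `rpcinfo -p` output format, that rpc.ttdbserver registers as RPC program 100083, and that the inetd.conf entry has the form AIX uses; the sample inputs are constructed.

```shell
#!/bin/sh
# Added example, not IBM's code: detect a registered ToolTalk database
# server and comment out its inetd.conf entry (the "disable" workaround).

# RPC program number rpc.ttdbserver registers under (assumption: 100083).
TT_PROG=100083

# Return 0 if rpcinfo -p style output on stdin lists the ToolTalk program.
ttdb_registered() {
    awk -v p="$TT_PROG" '$1 == p { found = 1 } END { exit found ? 0 : 1 }'
}

# Comment out the ttdbserver entry of an inetd.conf read from stdin;
# all other lines are passed through unchanged.
disable_ttdb_entry() {
    sed '/^[[:space:]]*ttdbserver[[:space:]]/s/^/#/'
}

# Constructed sample of rpcinfo -p output (not a real capture).
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100083    1   tcp  32771'

# Constructed sample inetd.conf fragment in the form AIX uses.
SAMPLE_INETD='ftp     stream  tcp  nowait  root  /usr/sbin/ftpd  ftpd
ttdbserver sunrpc_tcp tcp wait root /usr/dt/bin/rpc.ttdbserver rpc.ttdbserver 100083 1'

# Report the exposure status for the sample data.
check_sample() {
    if printf '%s\n' "$SAMPLE_RPCINFO" | ttdb_registered; then
        echo "rpc.ttdbserver is registered (program $TT_PROG)"
    else
        echo "rpc.ttdbserver is not registered"
    fi
}

# Live use (AIX): rpcinfo -p localhost | ttdb_registered
#   disable_ttdb_entry < /etc/inetd.conf > /tmp/inetd.conf.new
#   then review, copy into place, and run: refresh -s inetd
check_sample
printf '%s\n' "$SAMPLE_INETD" | disable_ttdb_entry
```

After the entry is commented out and inetd refreshed, `rpcinfo -p localhost` should no longer list program 100083.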

EMERGENCY FIX (efix):

Temporary fixes for AIX 4.3.x and 5.1 systems are available.

The temporary fixes can be downloaded via ftp from:

ftp://aix.software.ibm.com/aix/efixes/security

The name of the efix you want to download to close this vulnerability is tooltalk_efix.tar.Z.

The efix compressed tarball contains a copy of this Advisory and another tarfile, efix_binaries.tar. This latter tarfile will untar into two subdirectories, tooltalk_rpc_aix43_efix and tooltalk_rpc_aix51_efix, for AIX 4.3 and 5.1, respectively. Each subdirectory contains a patched rpc.ttdbserver and libtt.a binary, plus an INSTALL textfile that is a synopsis of the installation instructions given below. In the same directory level with the Advisory is a detached PGP signature file for the tarfile containing the fixes, efix_binaries.tar.asc.

These temporary fixes have not been fully regression tested; thus, IBM does not warrant the fully correct functioning of the efix. Customers install the efix and operate the modified version of AIX at their own risk.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

See also: