Compaq Computer Corporation Information for VU#595507

Common Desktop Environment (CDE) ToolTalk RPC Server rpc.ttdbserverd contains format string vulnerability

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

    NO RESTRICTION FOR DISTRIBUTION
PROVIDED THE ADVISORY REMAINS INTACT

  TITLE: SSRT0767U Potential rpc.ttdbserverd buffer overflow

  CASE ID: SSRT0767U
 (X-REF: CVE CAN-2001-0717, x-force 02-oct-2001,
         CERT CA-2001-27)

  SOURCE:  Compaq Computer Corporation
          Software Security Response Team
   DATE:  02-Oct-2001

(c) Copyright 2001 Compaq Computer Corporation. All rights reserved.


  "Compaq is broadly distributing this Security Advisory in order
 to bring to the attention of users of Compaq products the
 important security information contained in this Advisory.
 Compaq recommends that all users determine the applicability of
 this information to their individual situations and take
 appropriate action.

  Compaq does not warrant that this information is necessarily
 accurate or complete for all user situations and, consequently,
 Compaq will not be responsible for any damages resulting from
 user's use or disregard of the information provided in this
 Advisory."

  Severity: low

   This potential security vulnerability has not been
  reproduced for any release of Compaq Tru64 Unix.
  However, with the information available, we are providing
  a patch that will further reduce any potential
  vulnerability.

   A patch has been made available for all supported
  versions of Tru64 / DIGITAL UNIX V4.0f, V4.0g, V5.0a,
  V5.1, and V5.1a. To obtain a patch for prior versions,
  contact your normal Compaq Services support channel.

   *This solution will be included in a future distributed
  release of Compaq's Tru64 / DIGITAL UNIX.


  The patches identified are available from the Compaq FTP site
 http://ftp1.support.compaq.com/public/dunix/ then choose the
 version directory needed and search for the patch by name.

  The patch names are:

    DUV40F17-C0056200-11703-ER-20010928.tar
    T64V40G17-C0007000-11704-ER-20010928.tar
    T64V50A17-C0015500-11705-ER-20010928.tar
    T64V5117-C0065200-11706-ER-20010928.tar
    T64V51Assb-C0000800-11707-ER-20010928.tar


  To subscribe to automatically receive future NEW Security
 Advisories from the Software Security Response Team at
 Compaq via electronic mail, use your browser to go to
 http://www.support.compaq.com/patches/mailing-list.shtml
 and sign up. Select "Security and Individual Notices" for
 immediate dispatch notifications.

  To report a potential security vulnerability for Compaq
 products, send email to security-ssrt@compaq.com

  If you need further information, please contact your normal
 Compaq Services support channel.

  Compaq appreciates your cooperation and patience. As always,
 Compaq urges you to periodically review your system management
 and security procedures.  Compaq will continue to review and
 enhance the security features of its products and work
 with customers to maintain and improve the security and
 integrity of their systems.

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1

iQA/AwUBO78nlDnTu2ckvbFuEQKetQCg4wWYlBghvodt3FcggpMWzoYYQNIAoOBu
59ftYye4zJnazHWnZHQqEPBY
=JKbN
-----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.