Compaq Computer Corporation Information for VU#299816

Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) does not adequately validate file operations

Status

Affected

Vendor Statement

SOURCE: Compaq Computer Corporation, a wholly-owned subsidiary of Hewlett-Packard Company and Hewlett-Packard Company HP Services Software Security Response Team

CROSS REFERENCE: SSRT2251

At this time Compaq does have solutions in final testing and will publish HP Tru64 UNIX security bulletin (SSRT2251) with patch information as soon as testing has completed and kits are available from the support ftp web site.

A recommended workaround, however, is to disable rpc.ttdbserver until solutions are available. This should only create a potential problem for public software packages or applications that use the RPC-based ToolTalk database server. This step should be evaluated against the risks identified, your security measures and environment, and the potential impact on other products that may use the ToolTalk database server.

To disable rpc.ttdbserverd:

  • Comment out the following line in /etc/inetd.conf:
    rpc.ttdbserverd  stream tcp swait root /usr/dt/bin/rpc.ttdbserverd rpc.ttdbserverd
  • Force inetd to re-read the configuration file by executing the inetd -h command.
Note: The internet daemon should kill the currently running rpc.ttdbserver. If not, manually kill any existing rpc.ttdbserverd process.
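The workaround above as a shell script, added here as an example and not part of the CERT page or of Compaq's bulletin. It assumes the inetd.conf path is passed as an argument, that inetd -h is the Tru64 UNIX re-read command named in the vendor statement, and that the demonstration file is a constructed sample rather than a real system file.

```shell
#!/bin/sh
# Added example (not from the CERT page or Compaq): comments out the
# rpc.ttdbserverd entry in the inetd.conf given as $1, keeps a backup,
# verifies the result, and re-reads inetd's configuration. Assumption:
# 'inetd -h' is the Tru64 re-read command from the vendor statement.

# Succeeds when an active (uncommented) rpc.ttdbserverd entry is present.
ttdbserverd_enabled() {
    grep -q '^[[:space:]]*rpc\.ttdbserverd[[:space:]]' "$1"
}

# Comment out every active rpc.ttdbserverd line; other services are
# left untouched and a .bak copy is kept for rollback. Running it twice
# is safe: already commented lines do not match the pattern again.
disable_ttdbserverd() {
    conf="$1"
    tmp="$conf.tmp.$$"
    cp -p "$conf" "$conf.bak" || return 1
    sed 's/^\([[:space:]]*rpc\.ttdbserverd[[:space:]]\)/#\1/' "$conf" > "$tmp" || return 1
    mv "$tmp" "$conf" || return 1
    # Verify the edit: no active entry may remain.
    if ttdbserverd_enabled "$conf"; then return 1; fi
    return 0
}

# Make inetd re-read its configuration (Tru64: inetd -h, only attempted
# when inetd is on the PATH) and report a still-running server so it can
# be stopped by hand, as the vendor note says.
reload_inetd() {
    if command -v inetd >/dev/null 2>&1; then
        inetd -h || return 1
    fi
    if ps -e 2>/dev/null | grep -q '[r]pc\.ttdbserverd'; then
        echo "rpc.ttdbserverd still running; stop it manually" >&2
        return 2
    fi
    return 0
}

# Demonstration on a constructed inetd.conf in a temporary directory.
demo_ttdbserverd() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        'ftp stream tcp nowait root /usr/sbin/ftpd ftpd' \
        'rpc.ttdbserverd  stream tcp swait root /usr/dt/bin/rpc.ttdbserverd rpc.ttdbserverd' \
        > "$d/inetd.conf"
    disable_ttdbserverd "$d/inetd.conf"; rc=$?
    [ "$rc" -eq 0 ] && cat "$d/inetd.conf"
    rm -rf "$d"
    return "$rc"
}

demo_ttdbserverd
```

On a real host the two calls are `disable_ttdbserverd /etc/inetd.conf && reload_inetd`, run as root.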

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

Compaq (Hewlett-Packard) has released a security bulletin (SRB0039W/SSRT2251) that addresses VU#299816 and other vulnerabilities.
