Hewlett-Packard Company Information for VU#387387

Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) vulnerable to buffer overflow via _TT_CREATE_FILE()

Status

Affected

Vendor Statement

SOURCE: Hewlett-Packard Company Software Security Response Team (SSRT)

Date: 15 August, 2002
CROSS REFERENCE ID: SSRT2274

HP Tru64 UNIX

At the time of writing this document, Hewlett Packard is currently investigating the potential impact to HP-UX and HP Tru64 UNIX released operating system software.

HP will provide notice of the availability of any necessary patches through standard security bulletin announcements; patches will be available from your normal HP Services support channel.

HP-UX

A preliminary fix for HP-UX is available:

Originally issued: 12 July 2002
Last revision: 14 Aug 2002

ftp://ttdb1:ttdb1@hprc.external.hp.com/
file: rpc.ttdbserver.2.tar.gz

Details can be found in HPSBUX0207-199 at http://itrc.hp.com

NOT IMPACTED:

HP-MPE/ix
HP OpenVMS
HP NonStop Servers

HP Recommended Workaround:

A recommended workaround is to disable rpc.ttdbserverd until solutions are available. This should only create a potential problem for public software packages and applications that use the RPC-based ToolTalk database server. This step should be evaluated against the risks identified, your security measures and environment, and the potential impact on other products that may use the ToolTalk database server.

To disable rpc.ttdbserverd:

HP Tru64 Unix:

Comment out the following line in /etc/inetd.conf:

rpc.ttdbserverd stream tcp swait root /usr/dt/bin/rpc.ttdbserverd rpc.ttdbserverd

Force inetd to re-read the configuration file by executing the inetd -h command.

Note: The internet daemon should kill the currently running rpc.ttdbserver. If not, manually kill any existing rpc.ttdbserverd process.

HP-UX:

Comment out the following line in /etc/inetd.conf:

rpc stream tcp swait root /usr/dt/bin/rpc.ttdbserver 100083 1 /usr/dt/bin/rpc.ttdbserver [10.20]

or

rpc xti tcp swait root /usr/dt/bin/rpc.ttdbserver 100083 1 /usr/dt/bin/rpc.ttdbserver [11.0/11.11]

Force inetd to re-read the configuration file by executing the inetd -c command.

Note: The internet daemon should kill the currently running rpc.ttdbserver. If not, manually kill any existing rpc.ttdbserverd process.

To report potential security vulnerabilities in HP software, send an E-mail message to: security-alert@hp.com
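The following script is an added example and is not part of HP's statement or of this vulnerability note. It carries out the workaround above on a constructed copy of /etc/inetd.conf (commenting out the ToolTalk server line in both its HP-UX and Tru64 spellings, with a backup) and then checks saved "rpcinfo -p" output for RPC program number 100083, the ToolTalk database server, which should no longer be registered once inetd has re-read its configuration and the old process is gone. The inetd.conf fragment and the rpcinfo listings are constructed sample data; function names are this example's own.

```shell
#!/bin/sh
# Added example, not HP's or CERT's code: apply the rpc.ttdbserverd
# workaround to a copy of inetd.conf and verify the result.

# Write a constructed inetd.conf fragment (sample data, not a real host's
# file) to the path given as $1. It contains the HP-UX 11.x ToolTalk line
# quoted in HP's statement, the Tru64 form, and two unrelated services.
make_sample_inetd_conf() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf
ftp    stream tcp nowait root /usr/lbin/ftpd ftpd -l
rpc xti tcp swait root /usr/dt/bin/rpc.ttdbserver 100083 1 /usr/dt/bin/rpc.ttdbserver
rpc.ttdbserverd stream tcp swait root /usr/dt/bin/rpc.ttdbserverd rpc.ttdbserverd
telnet stream tcp nowait root /usr/lbin/telnetd telnetd
EOF
}

# Count inetd.conf lines in $1 that are still active (not commented out)
# and start the ToolTalk database server, in either the HP-UX
# (rpc.ttdbserver) or the Tru64 (rpc.ttdbserverd) spelling.
count_active_ttdb() {
    grep -c '^[^#].*rpc\.ttdbserver' "$1" || true
}

# Comment out those lines in $1, keeping the untouched original at
# "$1.orig". This is the edit HP's workaround asks for, done with sed
# rather than an editor; no other line in the file is changed.
disable_ttdb() {
    cp "$1" "$1.orig"
    sed '/^[^#].*rpc\.ttdbserver/s/^/#/' "$1.orig" > "$1"
}

# After "inetd -c" (HP-UX) or "inetd -h" (Tru64), confirm that the
# ToolTalk program number has left the portmapper. $1 is a file holding
# the output of "rpcinfo -p"; returns 0 if program 100083 is still
# registered, 1 otherwise. A 100083 entry that survives the reload means
# a stale rpc.ttdbserverd is still running and must be killed by hand,
# as HP's note says.
ttdb_registered() {
    awk '$1 == "100083" { found = 1 } END { exit found ? 0 : 1 }' "$1"
}

# Constructed "rpcinfo -p" listings: $1 = output path, $2 = before|after.
# The "before" listing carries the ToolTalk registration, "after" does not.
make_sample_rpcinfo() {
    {
        echo '   program vers proto   port'
        echo '    100000    2   tcp    111  portmapper'
        echo '    100000    2   udp    111  portmapper'
        if [ "$2" = before ]; then
            echo '    100083    1   tcp  32771  ttdbserverd'
        fi
    } > "$1"
}

# Stand-alone run over the constructed samples.
main() {
    tmp=$(mktemp -d)
    conf="$tmp/inetd.conf"
    make_sample_inetd_conf "$conf"
    echo "active ToolTalk lines before: $(count_active_ttdb "$conf")"
    disable_ttdb "$conf"
    echo "active ToolTalk lines after:  $(count_active_ttdb "$conf")"
    make_sample_rpcinfo "$tmp/rpc.before" before
    make_sample_rpcinfo "$tmp/rpc.after" after
    ttdb_registered "$tmp/rpc.before" && echo "100083 registered before reload (expected)"
    ttdb_registered "$tmp/rpc.after" || echo "100083 gone after reload: workaround in effect"
    rm -rf "$tmp"
}

main
```

On a real host the same two checks apply in order: run count_active_ttdb against /etc/inetd.conf to confirm no active ToolTalk line remains, then run "rpcinfo -p" after the inetd reload and confirm program 100083 is absent; if it is still listed, the old server process is still alive.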

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

Hewlett-Packard has released a security bulletin (SRB0039W/SSRT2274) that addresses VU#387387 and other vulnerabilities.
