Xi Graphics Information for VU#387387
Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) vulnerable to buffer overflow via _TT_CREATE_FILE()
- Vendor Information Help Date Notified: 04 Jul 2002
- Statement Date:
- Date Updated: 09 Aug 2002
Xi Graphics deXtop CDE v2.1 is vulnerable to this attack. The update and accompanying text file will be:
Most sites do not need to use the ToolTalk server daemon. Xi Graphics Security recommends that non-essential services are never enabled. To disable the ToolTalk server on your system, edit /etc/inetd.conf and comment out, or remove, the 'rpc.ttdbserver' line. Then, either restart inetd, or reboot your machine.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.