The Common Desktop Environment (CDE) ToolTalk RPC database server contains a buffer overflow condition that could let an attacker execute arbitrary code or cause a denial of service on a vulnerable system. The ToolTalk RPC database server typically runs with root privileges.
A buffer overflow vulnerability has been reported in the CDE ToolTalk RPC database server (rpc.ttdbserverd). A component of CDE, the ToolTalk architecture allows applications to communicate with each other via remote procedure calls (RPC) across different hosts and platforms. The ToolTalk RPC database server manages connections between ToolTalk applications. CDE and ToolTalk are installed and enabled by default on many common UNIX platforms.
The ToolTalk RPC database server is vulnerable to a heap buffer overflow via an argument to the procedure _TT_CREATE_FILE(). As noted by the reporter, the non-executable stack feature of some operating systems may not prevent exploitation of this vulnerability if the payload can be located on the heap. An attacker with access to the ToolTalk RPC database service could exploit this vulnerability with a specially crafted RPC message.
A remote attacker could execute arbitrary code or cause a denial of service on a vulnerable system. The ToolTalk RPC database server typically runs with root privileges.
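A host-side check for whether the ToolTalk RPC database server is reachable at all, as an added example that is not part of the original note. It assumes the standard RPC program number for ttdbserverd (100083, not stated on this page); the function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `rpcinfo -p` output and inetd.conf text for the
# ToolTalk RPC database server (rpc.ttdbserverd).
# Assumption: 100083 is the RPC program number registered for ttdbserverd.
TTDB_PROG=100083

# Read `rpcinfo -p` output on stdin. Print "proto port version" for every
# ttdbserverd registration; exit status 0 if at least one was found.
ttdb_registrations() {
    awk -v prog="$TTDB_PROG" '
        $1 == prog && $2 ~ /^[0-9]+$/ { print $3, $4, $2; found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Read inetd.conf text on stdin. Print active (uncommented) entries that
# name the daemon or its program number; exit status 0 if any were found.
ttdb_inetd_entries() {
    awk -v prog="$TTDB_PROG" '
        /^[ \t]*#/ { next }
        $0 ~ "ttdbserver" || $0 ~ ("(^|[ \t])" prog "([/ \t]|$)") {
            print; found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# Constructed sample input (not captured from a real host).
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100083    1   tcp  32773  ttdbserverd
    100068    5   udp  32775  cmsd'
SAMPLE_INETD_ON='100083/1 tli rpc/tcp wait root /usr/dt/bin/rpc.ttdbserverd rpc.ttdbserverd'
SAMPLE_INETD_OFF="#$SAMPLE_INETD_ON"

# Demo on the samples. On a real host, feed live data instead:
#   rpcinfo -p | ttdb_registrations
#   ttdb_inetd_entries < /etc/inetd.conf
if regs=$(printf '%s\n' "$SAMPLE_RPCINFO" | ttdb_registrations); then
    echo "ttdbserverd is registered (proto port version): $regs"
fi
if printf '%s\n' "$SAMPLE_INETD_OFF" | ttdb_inetd_entries >/dev/null; then
    echo "inetd will start ttdbserverd"
else
    echo "no active inetd entry for ttdbserverd"
fi
```

A registration on a host that does not need ToolTalk, or an active inetd entry for it, means the root-privileged service described above is exposed to anyone who can reach its port.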
The CERT/CC thanks Sinan Eren of the Entercept Ricochet Team for reporting this vulnerability.
This document was written by Art Manion.
Date First Published: 2002-08-12
Date Last Updated: 2002-09-09 22:15 UTC