Compaq Computer Corporation Information for VU#975403
Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) does not adequately validate file descriptor argument to _TT_ISCLOSE()
SOURCE: Compaq Computer Corporation, a wholly-owned subsidiary of Hewlett-Packard Company and Hewlett-Packard Company HP Services Software Security Response Team
CROSS REFERENCE: SSRT2251
At this time Compaq does have solutions in final testing and will publish HP Tru64 UNIX security bulletin (SSRT2251) with patch information as soon as testing has completed and kits are available from the support ftp web site.
A recommended workaround, however, is to disable rpc.ttdbserverd until solutions are available. This should only create a potential problem for public software packages or applications that use the RPC-based ToolTalk database server. This step should be evaluated against the risks identified, your security measures and environment, and the potential impact on other products that may use the ToolTalk database server.
To disable rpc.ttdbserverd:
- Comment out the following line in /etc/inetd.conf:
rpc.ttdbserverd stream tcp swait root /usr/dt/bin/rpc.ttdbserverd rpc.ttdbserverd
- Force inetd to re-read the configuration file by executing the inetd -h command.
Note: The internet daemon should kill the currently running rpc.ttdbserverd. If not, manually kill any existing rpc.ttdbserverd process.
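The workaround above, scripted as an added example (this is not part of the Compaq bulletin): a POSIX sh helper that comments out the rpc.ttdbserverd entry in an inetd.conf-style file, verifies no active entry remains, and checks whether the daemon is still running. The function names and the sample configuration are constructed for this illustration; pass a copy of the file first to rehearse before editing the real /etc/inetd.conf.

```shell
#!/bin/sh
# Added example, not the vendor's own tooling. Assumes POSIX sh, sed, grep, ps.

# Constructed sample inetd.conf (not a real system file) used for demonstration.
make_sample_conf() {
    cat > "$1" <<'EOF'
ftp     stream  tcp     nowait  root    /usr/sbin/ftpd  ftpd
rpc.ttdbserverd stream tcp swait root /usr/dt/bin/rpc.ttdbserverd rpc.ttdbserverd
telnet  stream  tcp     nowait  root    /usr/sbin/telnetd telnetd
EOF
}

# Return 0 if an active (uncommented) rpc.ttdbserverd entry exists in file $1.
ttdb_enabled() {
    grep -q '^[[:space:]]*rpc\.ttdbserverd[[:space:]]' "$1"
}

# Comment out every active rpc.ttdbserverd line in file $1, keeping a .bak copy.
# Idempotent: an already commented line no longer matches the pattern.
disable_ttdb() {
    conf="$1"
    cp "$conf" "$conf.bak" || return 1
    sed 's/^\([[:space:]]*rpc\.ttdbserverd[[:space:]]\)/#\1/' "$conf.bak" > "$conf" || return 1
    ! ttdb_enabled "$conf"
}

# After inetd has re-read its configuration (inetd -h on Tru64 UNIX, as the
# bulletin states), report whether an rpc.ttdbserverd process is still alive.
ttdb_running() {
    ps -e 2>/dev/null | grep -q '[r]pc\.ttdbserverd'
}

# Rehearsal on a temporary copy only; never touches /etc/inetd.conf.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) || exit 1
    make_sample_conf "$tmp"
    disable_ttdb "$tmp" && echo "entry disabled in $tmp"
    ttdb_running && echo "rpc.ttdbserverd still running; kill it manually"
    rm -f "$tmp" "$tmp.bak"
fi
```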
The vendor has not provided us with any further information regarding this vulnerability.
Compaq (Hewlett-Packard) has released a security bulletin (SRB0039W/SSRT2251) that addresses VU#975403 and other vulnerabilities.