Xi Graphics Information for VU#387387

Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) vulnerable to buffer overflow via _TT_CREATE_FILE()



Vendor Statement

Xi Graphics deXtop CDE v2.1 is vulnerable to this attack. The update and accompanying text file will be:

Most sites do not need to use the ToolTalk server daemon. Xi Graphics Security recommends that non-essential services are never enabled. To disable the ToolTalk server on your system, edit /etc/inetd.conf and comment out, or remove, the 'rpc.ttdbserver' line. Then, either restart inetd, or reboot your machine.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.