Sun Microsystems Inc. Information for VU#387387

Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) vulnerable to buffer overflow via _TT_CREATE_FILE()



Vendor Statement

The Solaris RPC-based ToolTalk database server, rpc.ttdbserverd, is vulnerable to the buffer overflow described in this advisory in all currently supported versions of Solaris:

    Solaris 2.5.1, 2.6, 7, 8, and 9

Patches are being generated for all of the above releases. Sun will be publishing Sun Alert 46366 for this issue which will be located here:
The Sun Alert will be updated as more information or patches become available. The patches will be available from:
Sun will be publishing a Sun Security Bulletin for this issue once all of the patches are available which will be located at:

    Vendor Information

    The vendor has not provided us with any further information regarding this vulnerability.

    Vendor References



    The CERT/CC has no additional comments at this time.

    If you have feedback, comments, or additional information about this vulnerability, please send us email.