Caldera

Notified: July 04, 2002
Updated: August 20, 2002

Status

  Vulnerable

Vendor Statement

Caldera Open UNIX and Caldera UnixWare provide the CDE ttdbserverd daemon and are vulnerable to this issue. Please see Caldera Security Advisory CSSA-2002-SCO.28.1 for more information. SCO OpenServer and Caldera OpenLinux do not provide CDE and are therefore not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Cray Inc.

Notified: July 04, 2002
Updated: August 09, 2002

Status

  Unknown

Vendor Statement

Cray, Inc. does include ToolTalk within the CrayTools product. However, rpc.ttdbserverd is not turned on or used by any Cray provided application. Since a site may have turned this on for their own use, they can always remove the binary /opt/ctl/bin/rpc.ttdbserverd if they are concerned.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Given the history of CDE source code, it is likely that the CrayTools ToolTalk RPC database server is vulnerable.

Data General

Notified: July 04, 2002
Updated: July 05, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Hewlett-Packard Company

Notified: July 04, 2002
Updated: September 09, 2002

Status

  Vulnerable

Vendor Statement

SOURCE: Hewlett-Packard Company Software Security Response Team (SSRT)

Date: 15 August, 2002
CROSS REFERENCE ID: SSRT2274

HP Tru64 UNIX

At the time of writing this document, Hewlett Packard is currently investigating the potential impact to HP-UX and HP Tru64 UNIX released operating system software.

HP will provide notice of the availability of any necessary patches through standard security bulletin announcements, and the patches will be available from your normal HP Services support channel.

HP-UX

A preliminary fix for HP-UX is available:

Originally issued: 12 July 2002
Last revision: 14 Aug 2002

ftp://ttdb1:ttdb1@hprc.external.hp.com/
file: rpc.ttdbserver.2.tar.gz

Details can be found in HPSBUX0207-199 at http://itrc.hp.com

NOT IMPACTED:

HP-MPE/ix
HP OpenVMS
HP NonStop Servers

HP Recommended Workaround:

A recommended workaround is to disable rpc.ttdbserverd until solutions are available. This should only create a potential problem for public software packages or applications that use the RPC-based ToolTalk database server. This step should be evaluated against the risks identified, your security measures and environment, and the potential impact on other products that may use the ToolTalk database server.

To disable rpc.ttdbserverd:

HP Tru64 Unix:

Comment out the following line in /etc/inetd.conf:

rpc.ttdbserverd stream tcp swait root /usr/dt/bin/rpc.ttdbserverd rpc.ttdbserverd

Force inetd to re-read the configuration file by executing the inetd -h command.

Note: The internet daemon should kill the currently running rpc.ttdbserver. If not, manually kill any existing rpc.ttdbserverd process.

HP-UX:

Comment out the following line in /etc/inetd.conf:

rpc stream tcp swait root /usr/dt/bin/rpc.ttdbserver 100083 1 /usr/dt/bin/rpc.ttdbserver [10.20]

or
rpc xti tcp swait root /usr/dt/bin/rpc.ttdbserver 100083 1 /usr/dt/bin/rpc.ttdbserver [11.0/11.11]

Force inetd to re-read the configuration file by executing the inetd -c command.

Note: The internet daemon should kill the currently running rpc.ttdbserver. If not, manually kill any existing rpc.ttdbserverd process.

To report potential security vulnerabilities in HP software, send an E-mail message to: security-alert@hp.com

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Hewlett-Packard has released a security bulletin (SRB0039W/SSRT2274) that addresses VU#387387 and other vulnerabilities.

IBM

Notified: July 04, 2002
Updated: August 13, 2002

Status

  Vulnerable

Vendor Statement

The CDE desktop product shipped with AIX is vulnerable to the issue detailed above in the advisory. This affects AIX releases 4.3.3 and 5.1.0. An efix package for this issue is currently available from the IBM software ftp site. The efix packages can be downloaded via anonymous ftp from ftp.software.ibm.com/aix/efixes/security. This directory contains a README file that gives further details on the efix packages. The following APARs will be available in the near future:

AIX 4.3.3: IY32792
AIX 5.1.0: IY32793

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SGI

Notified: July 04, 2002
Updated: August 09, 2002

Status

  Unknown

Vendor Statement

SGI acknowledges the ToolTalk vulnerabilities reported by CERT and is currently investigating. No further information is available at this time. For the protection of all our customers, SGI does not disclose, discuss or confirm vulnerabilities until a full investigation has occurred and any necessary patch(es) or release streams are available for all vulnerable and supported IRIX operating systems. Until SGI has more definitive information to provide, customers are encouraged to assume all security vulnerabilities as exploitable and take appropriate steps according to local site security policies and requirements. As further information becomes available, additional advisories will be issued via the normal SGI security information distribution methods including the wiretap mailing list on http://www.sgi.com/support/security/.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sun Microsystems Inc.

Notified: July 04, 2002
Updated: August 09, 2002

Status

  Vulnerable

Vendor Statement

The Solaris RPC-based ToolTalk database server, rpc.ttdbserverd, is vulnerable to the buffer overflow described in this advisory in all currently supported versions of Solaris: Solaris 2.5.1, 2.6, 7, 8, and 9. Patches are being generated for all of the above releases.

Sun will be publishing Sun Alert 46366 for this issue, which will be located here:

http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert%2F46366

The Sun Alert will be updated as more information or patches become available. The patches will be available from:

http://sunsolve.sun.com/securitypatch

Sun will be publishing a Sun Security Bulletin for this issue once all of the patches are available, which will be located at:

http://sunsolve.sun.com/security

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

The Open Group

Notified: July 04, 2002
Updated: July 05, 2002

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Xi Graphics

Notified: July 04, 2002
Updated: August 09, 2002

Status

  Vulnerable

Vendor Statement

Xi Graphics deXtop CDE v2.1 is vulnerable to this attack. The update and accompanying text file will be:

ftp://ftp.xig.com/pub/updates/dextop/2.1/DEX2100.016.tar.gz
ftp://ftp.xig.com/pub/updates/dextop/2.1/DEX2100.016.txt

Most sites do not need to use the ToolTalk server daemon. Xi Graphics Security recommends that non-essential services are never enabled. To disable the ToolTalk server on your system, edit /etc/inetd.conf and comment out, or remove, the 'rpc.ttdbserver' line. Then, either restart inetd, or reboot your machine.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.