http://www.nwfusion.com/news/2002/0812certcc.html By Sam Costello IDG News Servic, 08/12/02 A buffer overflow in the ToolTalk RPC database server used in the Common Desktop Environment (CDE) on systems from vendors such as Sun and IBM could allow an attacker to run code with root privileges, according to a security alert released Monday by the CERT Coordination Center (CERT/CC). CDE is a graphical interface used on Unix and some Linux systems. The ToolTalk component of the software allows applications to communicate with each other across different platforms and hosts via remote procedure calls (RPC). The RPC database server manages those communications. The vulnerability comes as the result of a buffer overflow -- an attack in which the amount of memory assigned to an application or process is overrun, often with unpredictable results -- in the _TT_CREATE_FILE procedure in the ToolTalk RPC database server, according to CERT/CC, which is based at Carnegie Mellon University in Pittsburgh. CERT/CC is a federally funded computer and network security organization that frequently coordinates the release and repair of software security holes. By sending a specially crafted RPC message to the vulnerable component, an attacker could gain the ability to run code on the target system with the same privileges as the ToolTalk server, CERT/CC said. Even if an attacker were not able to run code, the attack would cause a denial of service, CERT/CC added. CDE is included in software from IBM, Hewlett-Packard, Sun, Silicon Graphics and others. Users should check with their vendors on whether their systems are vulnerable and for patch status and availability. More information about the vulnerability, including a list of affected software, workarounds and patches, can be found in CERT/CC's advisory. Another vulnerability which could lead to a denial-of-service attack was found in the ToolTalk RPC database server in July. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Aug 13 2002 - 05:03:47 PDT