[ISN] CERT: CDE ToolTalk flaw could give root access

From: InfoSec News (isnat_private)
Date: Tue Aug 13 2002 - 02:30:02 PDT

    By Sam Costello
    IDG News Service, 08/12/02

    A buffer overflow in the ToolTalk RPC database server used in the
    Common Desktop Environment (CDE) on systems from vendors such as Sun
    and IBM could allow an attacker to run code with root privileges,
    according to a security alert released Monday by the CERT Coordination
    Center (CERT/CC).

    CDE is a graphical interface used on Unix and some Linux systems. The
    ToolTalk component of the software allows applications to communicate
    with each other across different platforms and hosts via remote
    procedure calls (RPC). The RPC database server manages those

    The vulnerability comes as the result of a buffer overflow -- an
    attack in which the amount of memory assigned to an application or
    process is overrun, often with unpredictable results -- in the
    _TT_CREATE_FILE procedure in the ToolTalk RPC database server,
    according to CERT/CC, which is based at Carnegie Mellon University in
    Pittsburgh. CERT/CC is a federally funded computer and network
    security organization that frequently coordinates the release and
    repair of software security holes.

    By sending a specially crafted RPC message to the vulnerable
    component, an attacker could gain the ability to run code on the
    target system with the same privileges as the ToolTalk server, CERT/CC
    said. Even if an attacker were not able to run code, the attack would
    cause a denial of service, CERT/CC added.

    CDE is included in software from IBM, Hewlett-Packard, Sun, Silicon
    Graphics and others. Users should check with their vendors on whether
    their systems are vulnerable and for patch status and availability.

    More information about the vulnerability, including a list of affected
    software, workarounds and patches, can be found in CERT/CC's advisory.

    Another vulnerability which could lead to a denial-of-service attack
    was found in the ToolTalk RPC database server in July.