[ISN] CERT: CDE ToolTalk flaw could give root access

From: InfoSec News (isnat_private)
Date: Tue Aug 13 2002 - 02:30:02 PDT

Next message: InfoSec News: "[ISN] Laptops lost, stolen at Justice"

Previous message: InfoSec News: "[ISN] Linux Security Week - August 12th 2002"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.nwfusion.com/news/2002/0812certcc.html

By Sam Costello
IDG News Servic, 08/12/02 

A buffer overflow in the ToolTalk RPC database server used in the
Common Desktop Environment (CDE) on systems from vendors such as Sun
and IBM could allow an attacker to run code with root privileges,
according to a security alert released Monday by the CERT Coordination
Center (CERT/CC).

CDE is a graphical interface used on Unix and some Linux systems. The
ToolTalk component of the software allows applications to communicate
with each other across different platforms and hosts via remote
procedure calls (RPC). The RPC database server manages those
communications.

The vulnerability comes as the result of a buffer overflow -- an
attack in which the amount of memory assigned to an application or
process is overrun, often with unpredictable results -- in the
_TT_CREATE_FILE procedure in the ToolTalk RPC database server,
according to CERT/CC, which is based at Carnegie Mellon University in
Pittsburgh. CERT/CC is a federally funded computer and network
security organization that frequently coordinates the release and
repair of software security holes.

By sending a specially crafted RPC message to the vulnerable
component, an attacker could gain the ability to run code on the
target system with the same privileges as the ToolTalk server, CERT/CC
said. Even if an attacker were not able to run code, the attack would
cause a denial of service, CERT/CC added.

CDE is included in software from IBM, Hewlett-Packard, Sun, Silicon
Graphics and others. Users should check with their vendors on whether
their systems are vulnerable and for patch status and availability.

More information about the vulnerability, including a list of affected
software, workarounds and patches, can be found in CERT/CC's advisory.

Another vulnerability which could lead to a denial-of-service attack
was found in the ToolTalk RPC database server in July.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "[ISN] Laptops lost, stolen at Justice"
Previous message: InfoSec News: "[ISN] Linux Security Week - August 12th 2002"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Aug 13 2002 - 05:03:47 PDT