Re: rpc.ttdbserverd on solaris 7

From: Brent Paulson (paulsonat_private)
Date: Thu Nov 18 1999 - 13:48:56 PST


    ] We recently had mass attempts at breaking into our systems through
    ] rpc.ttdbserverd.
    
    ] Some of the rpc.ttdbserverd's dumped core, including at least one on
    ] solaris 7.
    ] Some of our systems with noexec_user_stack and noexec_user_stack_log
    ] reported attempts to execute code on the stack.  Needless to say, this
    ] is worrisome.
    
    ] The messages logged look like:
    
    ] Nov 12 18:47:01 foo.bar.baz /usr/dt/bin/rpc.ttdbserverd[646]:
    ] _Tt_file_system::findBestMountPoint -- max_match_entry is null,
    ] aborting...
    ] Nov 12 18:47:01 foo.bar.baz inetd[143]: /usr/dt/bin/rpc.ttdbserverd:
    ] Segmentation Fault - core dumped
    ] Nov 12 18:47:02 foo.bar.baz unix: rpc.ttdbserverd[1932] attempt to
    ] execute code on stack by uid 0
    ] Nov 12 18:47:02 foo.bar.baz inetd[143]: /usr/dt/bin/rpc.ttdbserverd:
    ] Segmentation Fault - core dumped
    ] Nov 12 18:47:03 foo.bar.baz unix: rpc.ttdbserverd[1934] attempt to
    ] execute code on stack by uid 0
    ] Nov 12 18:47:03 foo.bar.baz inetd[143]: /usr/dt/bin/rpc.ttdbserverd:
    ] Segmentation Fault - core dumped
    
    ] We looked at the situation a bit more, and discovered that there is an
    ] rpc.ttdbserverd patch for Solaris 7 (107893-02), but it actually isn't
    ] on the recommended patch list for some reason.
    
    ] Does this patch fix the vulnerability I've described?
    
    
    Yes, the Solaris 7 patch 107893-02 does fix the core dump problem.  The
    core dump is not caused by a stack overflow, but by a NULL pointer
    dereference.  We do always recommend that users install the latest
    recommended and security patch sets for your version of Solaris.
    
    
    ] If yes, why would it not be recommended?
    
    
    It is on the current recommended patch list, I confirmed this at:
    
    ftp://sunsolve.Sun.COM/pub/patches/Solaris7.PatchReport
    
    Patch-ID# 107893-02
    Synopsis: OpenWindows 3.6.1: Tooltalk patch
    BugId's fixed with this patch: 4229531 4153078 4204015 4260867
    Changes incorporated in this version: 4204015 4260867
    Date: Sep/27/99
    
    
    ] If not, is a patch forthcoming?
    
    See above.
    
    
    Best regards,
    Brent Paulson
    paulsonat_private
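The syslog lines quoted in the message above can be triaged mechanically. The script below is an added example, not part of the original post: it separates daemons for which the kernel logged a blocked stack execution (the noexec_user_stack_log message) from daemons that only crashed. The function names and labels are hypothetical, and it assumes the syslog layout seen in the quoted lines.

```python
import re
from collections import defaultdict

# Constructed sample: the syslog lines quoted in the message, unwrapped to
# one event per line (the archive wrapped them at about 72 columns).
SAMPLE_LOG = """\
Nov 12 18:47:01 foo.bar.baz /usr/dt/bin/rpc.ttdbserverd[646]: _Tt_file_system::findBestMountPoint -- max_match_entry is null, aborting...
Nov 12 18:47:01 foo.bar.baz inetd[143]: /usr/dt/bin/rpc.ttdbserverd: Segmentation Fault - core dumped
Nov 12 18:47:02 foo.bar.baz unix: rpc.ttdbserverd[1932] attempt to execute code on stack by uid 0
Nov 12 18:47:02 foo.bar.baz inetd[143]: /usr/dt/bin/rpc.ttdbserverd: Segmentation Fault - core dumped
Nov 12 18:47:03 foo.bar.baz unix: rpc.ttdbserverd[1934] attempt to execute code on stack by uid 0
Nov 12 18:47:03 foo.bar.baz inetd[143]: /usr/dt/bin/rpc.ttdbserverd: Segmentation Fault - core dumped
"""

# Assumed layout: "Mon DD HH:MM:SS host tag: text", as in the quoted lines.
PREFIX = r"^\w{3}\s+\d+ \d\d:\d\d:\d\d (?P<host>\S+) "
STACK_EXEC = re.compile(PREFIX + r"unix: (?P<prog>[^\[\s]+)\[\d+\] "
                        r"attempt to execute code on stack by uid (?P<uid>\d+)")
CORE_DUMP = re.compile(PREFIX + r"inetd\[\d+\]: (?P<path>\S+): .+ - core dumped")
NULL_ABORT = re.compile(PREFIX + r"(?P<path>\S+)\[\d+\]: .*max_match_entry is null")

def summarize(log_text):
    """Count each event kind per (host, program)."""
    stats = defaultdict(lambda: {"stack_exec": 0, "core_dump": 0,
                                 "null_abort": 0, "uids": set()})
    for line in log_text.splitlines():
        if m := STACK_EXEC.match(line):
            entry = stats[(m["host"], m["prog"])]
            entry["stack_exec"] += 1
            entry["uids"].add(int(m["uid"]))
        elif m := CORE_DUMP.match(line):
            stats[(m["host"], m["path"].rsplit("/", 1)[-1])]["core_dump"] += 1
        elif m := NULL_ABORT.match(line):
            stats[(m["host"], m["path"].rsplit("/", 1)[-1])]["null_abort"] += 1
    return dict(stats)

def triage(stats):
    """Label each (host, program); a blocked stack execution outranks a crash."""
    report = {}
    for key, e in stats.items():
        if e["stack_exec"]:
            report[key] = "stack-exec-blocked"
        elif e["core_dump"] or e["null_abort"]:
            report[key] = "crash-only"
    return report

if __name__ == "__main__":
    for (host, prog), label in triage(summarize(SAMPLE_LOG)).items():
        print(host, prog, label)
```

Hosts that come back as "crash-only" show only the core dumps, with no stack-execution message logged for that daemon.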
    


