Information Security News mailing list archives

CERT: CDE ToolTalk flaw could give root access


From: InfoSec News <isn () c4i org>
Date: Tue, 13 Aug 2002 04:30:02 -0500 (CDT)

http://www.nwfusion.com/news/2002/0812certcc.html

By Sam Costello
IDG News Service, 08/12/02

A buffer overflow in the ToolTalk RPC database server used in the
Common Desktop Environment (CDE) on systems from vendors such as Sun
and IBM could allow an attacker to run code with root privileges,
according to a security alert released Monday by the CERT Coordination
Center (CERT/CC).

CDE is a graphical interface used on Unix and some Linux systems. The
ToolTalk component of the software allows applications to communicate
with each other across different platforms and hosts via remote
procedure calls (RPC). The RPC database server manages those
communications.

The vulnerability comes as the result of a buffer overflow -- an
attack in which the amount of memory assigned to an application or
process is overrun, often with unpredictable results -- in the
_TT_CREATE_FILE procedure in the ToolTalk RPC database server,
according to CERT/CC, which is based at Carnegie Mellon University in
Pittsburgh. CERT/CC is a federally funded computer and network
security organization that frequently coordinates the release and
repair of software security holes.

By sending a specially crafted RPC message to the vulnerable
component, an attacker could gain the ability to run code on the
target system with the same privileges as the ToolTalk server, CERT/CC
said. Even if an attacker were not able to run code, the attack would
cause a denial of service, CERT/CC added.

CDE is included in software from IBM, Hewlett-Packard, Sun, Silicon
Graphics and others. Users should check with their vendors on whether
their systems are vulnerable and for patch status and availability.

More information about the vulnerability, including a list of affected
software, workarounds and patches, can be found in CERT/CC's advisory.

Another vulnerability which could lead to a denial-of-service attack
was found in the ToolTalk RPC database server in July.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

