Bugtraq mailing list archives
rpc.ttdbserverd on solaris 7
From: strombrg () NIS ACS UCI EDU (Dan Stromberg)
Date: Tue, 16 Nov 1999 14:34:41 -0800
We recently had mass attempts at breaking into our systems through rpc.ttdbserverd. Some of the rpc.ttdbserverd's dumped core, including at least one on solaris 7. Some of our systems with noexec_user_stack and noexec_user_stack_log reported attempts to execute code on the stack. Needless to say, this is worrisome.

The messages logged look like:

Nov 12 18:47:01 foo.bar.baz /usr/dt/bin/rpc.ttdbserverd[646]: _Tt_file_system::findBestMountPoint -- max_match_entry is null, aborting...
Nov 12 18:47:01 foo.bar.baz inetd[143]: /usr/dt/bin/rpc.ttdbserverd: Segmentation Fault - core dumped
Nov 12 18:47:02 foo.bar.baz unix: rpc.ttdbserverd[1932] attempt to execute code on stack by uid 0
Nov 12 18:47:02 foo.bar.baz inetd[143]: /usr/dt/bin/rpc.ttdbserverd: Segmentation Fault - core dumped
Nov 12 18:47:03 foo.bar.baz unix: rpc.ttdbserverd[1934] attempt to execute code on stack by uid 0
Nov 12 18:47:03 foo.bar.baz inetd[143]: /usr/dt/bin/rpc.ttdbserverd: Segmentation Fault - core dumped

We looked at the situation a bit more, and discovered that there is an rpc.ttdbserverd patch for Solaris 7 (107893-02), but it actually isn't on the recommended patch list for some reason.

Does this patch fix the vulnerability I've described? If yes, why would it not be recommended? If not, is a patch forthcoming?

Does anyone have the exploit?
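
For administrators who want to check their own syslog for the pattern reported in the message above, the following Python is an added example and not part of the original post. It counts stack-execution attempts and core dumps per host and program; the function names scan and root_stack_exec are made up here, and the message formats are assumed to match the lines quoted in the post.

```python
import re
from collections import defaultdict
from posixpath import basename

# The six log lines quoted in the post, host name as given there.
SAMPLE_LOG = """\
Nov 12 18:47:01 foo.bar.baz /usr/dt/bin/rpc.ttdbserverd[646]: _Tt_file_system::findBestMountPoint -- max_match_entry is null, aborting...
Nov 12 18:47:01 foo.bar.baz inetd[143]: /usr/dt/bin/rpc.ttdbserverd: Segmentation Fault - core dumped
Nov 12 18:47:02 foo.bar.baz unix: rpc.ttdbserverd[1932] attempt to execute code on stack by uid 0
Nov 12 18:47:02 foo.bar.baz inetd[143]: /usr/dt/bin/rpc.ttdbserverd: Segmentation Fault - core dumped
Nov 12 18:47:03 foo.bar.baz unix: rpc.ttdbserverd[1934] attempt to execute code on stack by uid 0
Nov 12 18:47:03 foo.bar.baz inetd[143]: /usr/dt/bin/rpc.ttdbserverd: Segmentation Fault - core dumped
"""

# "<Mon DD HH:MM:SS> <host> <tag>: <message>"
SYSLOG = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([^:\s]+): (.*)$")
# Kernel message seen on hosts running with noexec_user_stack_log.
STACK_EXEC = re.compile(r"^(\S+)\[(\d+)\] attempt to execute code on stack by uid (\d+)$")
# inetd's report that a service it started died and left a core file.
CORE_DUMP = re.compile(r"^(\S+): .+ - core dumped$")

def scan(lines):
    """Count stack-execution attempts and core dumps per (host, program)."""
    seen = defaultdict(lambda: {"stack_exec": 0, "core_dumps": 0,
                                "uids": set(), "pids": []})
    for line in lines:
        m = SYSLOG.match(line.rstrip())
        if not m:
            continue  # not a syslog line in the expected shape
        _ts, host, _tag, msg = m.groups()
        if (hit := STACK_EXEC.match(msg)):
            prog, pid, uid = hit.groups()
            rec = seen[(host, basename(prog))]
            rec["stack_exec"] += 1
            rec["pids"].append(int(pid))
            rec["uids"].add(int(uid))
        elif (hit := CORE_DUMP.match(msg)):
            seen[(host, basename(hit.group(1)))]["core_dumps"] += 1
    return dict(seen)

def root_stack_exec(summary):
    """Host/program pairs where a uid 0 process tried to run code on its stack."""
    return sorted(k for k, v in summary.items() if v["stack_exec"] and 0 in v["uids"])

if __name__ == "__main__":
    for key, rec in scan(SAMPLE_LOG.splitlines()).items():
        print(key, rec)
```

Hosts without noexec_user_stack_log will show only the core-dump lines, so a program with core dumps and no stack-execution count still deserves a look.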