[26630] in bugtraq
ENTERCEPT RICOCHET ADVISORY: Multi-Vendor CDE ToolTalk Database
daemon@ATHENA.MIT.EDU (Ricochet@entercept.com)
Mon Aug 12 15:15:02 2002
Date: 12 Aug 2002 13:40:04 -0000
Message-ID: <20020812134004.19214.qmail@mail.securityfocus.com>
From: <Ricochet@entercept.com>
To: bugtraq@securityfocus.com
*******ENTERCEPT RICOCHET ADVISORY*******
Date: Monday, August 12, 2002
Issue: Multi-Vendor CDE ToolTalk Database Server Remote Buffer Overflow
Vulnerability
DETAILS:
The ToolTalk component allows applications to communicate with each other
via remote procedure calls (RPC) across different hosts and platforms.
The ToolTalk RPC database server manages connections between ToolTalk
applications. Most Unix environments include CDE and ToolTalk in their
default installations.
The _TT_CREATE_FILE procedure in the ToolTalk RPC database server is
vulnerable to a buffer overflow. In most environments this is a heap
buffer overflow, so current non-executable stack protection mechanisms
can be bypassed and are rendered useless.
A successful attack exploiting this buffer overflow vulnerability would
enable the attacker to run code with the privileges of the ToolTalk RPC
database server that typically runs as root. Unsuccessful exploitation can
still cause a denial of service on a vulnerable system.
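For defenders checking exposure to this issue, the following added example (not part of the Entercept advisory) scans `rpcinfo -p` output and inetd.conf for a registered ToolTalk database server. It assumes the service's RPC program number 100083, which the advisory does not state; the function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: find ToolTalk RPC database server registrations on a host.
# Assumption: 100083 is the RPC program number of rpc.ttdbserverd
# (not stated in the advisory).
TTDB_PROG=100083

# stdin: `rpcinfo -p [host]` output. Prints "proto/port vVERS" per registration.
ttdb_registrations() {
    awk -v prog="$TTDB_PROG" \
        '$1 == prog || $5 ~ /ttdbserver/ { print $3 "/" $4 " v" $2 }'
}

# stdin: inetd.conf. Prints active (uncommented) lines that launch the server.
ttdb_inetd_entries() {
    awk -v prog="$TTDB_PROG" '
        /^[ \t]*#/ { next }                      # disabled entry
        $1 ~ ("^" prog "/") || /ttdbserver/ { print }
    '
}

# Constructed sample inputs (not captured from a real host).
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    2   udp    111  rpcbind
    100083    1   tcp  32775
    100021    4   udp   4045  nlockmgr
EOF
}
sample_inetd() {
    cat <<'EOF'
# 100083/1 tli rpc/tcp wait root /usr/dt/bin/rpc.ttdbserverd rpc.ttdbserverd
100083/1 tli rpc/tcp wait root /usr/dt/bin/rpc.ttdbserverd rpc.ttdbserverd
100068/2-5 dgram rpc/udp wait root /usr/dt/bin/rpc.cmsd rpc.cmsd
EOF
}

# Demo on the samples; on a live host pipe `rpcinfo -p` and /etc/inetd.conf in.
regs=$(sample_rpcinfo | ttdb_registrations)
if [ -n "$regs" ]; then
    echo "ToolTalk database server registered: $regs"
    echo "inetd entries to review:"
    sample_inetd | ttdb_inetd_entries
else
    echo "No ToolTalk database server registration found"
fi
```

A host that reports a registration should be checked against the vendor patches referenced in the CERT advisory.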
VENDORS AFFECTED:
- Caldera
- Compaq Computer Corporation
- Cray Inc.
- Data General
- Fujitsu
- Hewlett Packard
- IBM
- SGI
- Sun Microsystems Inc.
- The Open Group
- Xi Graphics
Entercept worked directly with CERT (Computer Emergency Response Team) to
ensure that the vendors had the technical details necessary to develop
their patches and issue security advisories. The CERT advisory will be
available at: http://www.cert.org/advisories/CA-2002-26.html
ACKNOWLEDGEMENTS/INFORMATION RESOURCES:
This vulnerability was discovered and researched by Sinan Eren of the
Entercept Ricochet Team.
ABOUT ENTERCEPT RICOCHET:
Entercept’s Ricochet team is a specialized group of security researchers
dedicated to identifying, assessing, and evaluating intelligence regarding
server threats. The Ricochet team researches current and future avenues of
attack and builds this knowledge into Entercept’s intrusion prevention
solution. Ricochet is dedicated to providing critical, viable security
content via security advisories and technical briefs. This content is
designed to educate organizations and security professionals about the
nature and severity of Internet security threats, vulnerabilities and
exploits.
Copyright Entercept Security Technologies. All rights reserved. Entercept
and the Entercept logo are trademarks of Entercept Security Technologies.
All other trademarks, trade names or service marks are the property of
their respective owners.
DISCLAIMER STATEMENT:
The information in this bulletin is provided by Entercept Security
Technologies, Inc. ("Entercept") and is intended to provide information on
a particular security issue or incident. Given that each exploitation
technique is unique, Entercept makes no claim to prevent any specific
exploit related to the vulnerability discussed in this bulletin. Entercept
expressly disclaims any and all warranties with respect to the information
provided in this bulletin, express or implied or otherwise, including, but
not limited to, warranty of fitness for a particular purpose. Under no
circumstances may this information be used to exploit vulnerabilities in
any other environment.
http://www.entercept.com/news/uspr/08-12-02.asp
###