Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Multi-Vendor CDE ToolTalk Database Server Remote Buffer Overflow Vuln.

Multi-Vendor CDE ToolTalk Database Server Remote Buffer Overflow Vuln.

by Nikola Strahija on August 12th, 2002 The ToolTalk component allows applications to communicate with each other via remote procedure calls (RPC) across different hosts and platforms. The ToolTalk RPC database server manages connections between ToolTalk applications. Most Unix environments include CDE and ToolTalk in their default installations.


_TT_CREATE_FILE procedure in the ToolTalk RPC database server is
vulnerable to a buffer overflow. In most environments, this translates to
a heap buffer overflow vulnerability that renders current non-executable
stack protection mechanisms useless and can be bypassed.

A successful attack exploiting this buffer overflow vulnerability would
enable the attacker to run code with the privileges of the ToolTalk RPC
database server that typically runs as root. Unsuccessful exploitation can
still cause a denial of service on a vulnerable system.

VENDORS AFFECTED:
- Caldera
- Compaq Computer Corporation
- Cray Inc.
- Data General
- Fujitsu
- Hewlett Packard
- IBM
- SGI
- Sun Microsystems Inc.
- The Open Group
- Xi Graphics

Entercept worked directly with CERT (Computer Emergency Response Team), to
ensure that the vendors had the technical details necessary to develop
their patches and issue security advisories. The CERT advisory will be
available at: http://www.cert.org/advisories/CA-2002-26.html


ACKNOWLEDGEMENTS/INFORMATION RESOURCES:
This vulnerability was discovered and researched by Sinan Eren of the
Entercept Ricochet Team.

ABOUT ENTERCEPT RICOCHET:
Entercept’s Ricochet team is a specialized group of security researchers
dedicated to identifying, assessing, and evaluating intelligence regarding
server threats. The Ricochet team researches current and future avenues of
attack and builds this knowledge into Entercept’s intrusion prevention
solution. Ricochet is dedicated to providing critical, viable security
content via security advisories and technical briefs. This content is
designed to educate organizations and security professionals about the
nature and severity of Internet security threats, vulnerabilities and
exploits.

Copyright Entercept Security Technologies. All rights reserved. Entercept
and the Entercept logo are trademarks of Entercept Security Technologies.
All other trademarks, trade names or service marks are the property of
their respective owners.

DISCLAIMER STATEMENT:
The information in this bulletin is provided by Entercept Security
Technologies, Inc. ("Entercept") and is intended to provide information on
a particular security issue or incident. Given that each exploitation
technique is unique, Entercept makes no claim to prevent any specific
exploit related to the vulnerability discussed in this bulletin. Entercept
expressly disclaims any and all warranties with respect to the information
provided in this bulletin, express or implied or otherwise, including, but
not limited to, warranty of fitness for a particular purpose. Under no
circumstances may this information be used to exploit vulnerabilities in
any other environment.
http://www.entercept.com/news/uspr/08-12-02.asp



Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »