CDE rpc.ttdbserver daemon allows remote root access

Risk Level: High risk vulnerability  High

Check or Attack Name: ToolTalk Overflow
Platforms: IRIX: 5.3, IRIX: 6.2, IRIX: 6.3, IRIX: 6.4, Solaris: 2.3, Solaris: 2.4, Solaris: 2.5, Solaris: 2.5.1, SunOS: 4.1.x, SunOS: 4.1.3, Solaris: 2.6, HPUX: 10.10, HPUX: 11.00, AIX: 4.1.x, AIX: 4.2.x, AIX: 4.3.x, HPUX: 10.20, HPUX: 10.30, SCO UnixWare: 7, Common Desktop Environment (CDE)
Description:

ToolTalk is a utility that allows applications to exchange messages between each other. A stack overflow in the rpc.ttdbserver could allow a remote attacker to execute arbitrary code with root privileges.
Remedy:

Immediately disable the rpc.ttdbserver service and obtain and install patches from your vendor.
References:

Silicon Graphics Inc. Security Advisory 19981101-01-A, Vulnerability in ToolTalk RPC Service, ftp://sgigate.sgi.com/security/19981101-01-A

CERT Advisory CA-98.11, Vulnerability in ToolTalk RPC Service, http://www.cert.org/ftp/cert_advisories/CA-98.11.tooltalk

Hewlett-Packard Security Bulletin HPSBUX9808-084, Security Vulnerability in dtmail/rpc.ttdbserverd on HP-UX, http://us-support.external.hp.com/

Network Associates, Inc. Security Advisory #29, Stack Overflow in ToolTalk RPC Service, http://www.nai.com/nai_labs/asp_set/advisory/29_ttdbserver_adv.asp

SCO Security Bulletin 98.04, Security Vulnerability in ToolTalk, ftp://ftp.sco.com/SSE/security_bulletins/SB-98.04a

Silicon Graphics Inc. Security Advisory 19981101-01-PX, Vulnerability in ToolTalk RPC Service, ftp://sgigate.sgi.com/security/19981101-01-PX

CERT Incident Note IN-99-04, Similar Attacks Using Various RPC Services, http://www.cert.org/incident_notes/IN-99-04.html
X-Force Logo
Know Your Risks