(Compaq Issues Fix) ToolTalk Database Server Format String Flaw Lets Remote Users Gain Root Level Privileges on Several UNIX Operating System Platforms
|
Date: Oct 7 2001
|
Impact: Execution of arbitrary code via network, Root access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Internet Security Systems (X-Force)
|
Version(s): Tru64/DIGITAL UNIX V4.0f, V4.0g, V5.0a, V5.1, and V5.1a
|
Description: Internet Security Systems warned of a format string vulnerability in several vendors' implementations of the ToolTalk RPC database
server (rpc.ttdbserver) that could allow remote users to crash the service or obtain root level privileges on the server.
ToolTalk reportedly contains a syslog() call that accepts unfiltered user-supplied input and will interpret user-supplied formatting
arguments, allowing a remote user to supply a specially crafted protocol message to execute arbitrary code via the syslog() call.
ISS
notes that the rpc.ttdbserverd is enabled by default on many popular Unix operating systems, even when it is not required.
|
Impact: A remote user can cause arbitrary code to be executed with root level privileges, yielding root level access on the server.
|
Solution: The vendor has released a patch for all supported versions of Tru64/DIGITAL UNIX V4.0f, V4.0g, V5.0a, V5.1, and V5.1a. To obtain
a patch for prior versions, Compaq advises users to contact their normal Compaq Services support channel.
The following patches
are available from the Compaq FTP site http://ftp1.support.compaq.com/public/dunix/ then choose the version directory needed and
search for the patch by name.
The patch names are:
DUV40F17-C0056200-11703-ER-20010928.tar
T64V40G17-C0007000-11704-ER-20010928.tar
T64V50A17-C0015500-11705-ER-20010928.tar
T64V5117-C0065200-11706-ER-20010928.tar
T64V51Assb-C0000800-11707-ER-20010928.tar
|
Cause: Input validation error
|
Underlying OS: UNIX (Tru64)
|
Underlying OS Comments: Other operating systems may be affected
|
Reported By: "Boren, Rich (SSRT)" <Rich.Boren@COMPAQ.com>
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Sat, 6 Oct 2001 09:47:11 -0600
From: "Boren, Rich (SSRT)" <Rich.Boren@COMPAQ.com>
Subject: FW: [advisory] SSRT0767u Potential rpc.ttdbserverd buffer overflow
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NO RESTRICTION FOR DISTRIBUTION
PROVIDED THE ADVISORY REMAINS INTACT
TITLE: SSRT0767U Potential rpc.ttdbserverd buffer overflow
CASE ID: SSRT0767U
(X-REF: CVE CAN-2001-0717, x-force 02-oct-2001,
CERT CA-2001-27)
SOURCE: Compaq Computer Corporation
Software Security Response Team
DATE: 02-Oct-2001
(c) Copyright 2001 Compaq Computer Corporation. All rights reserved.
"Compaq is broadly distributing this Security Advisory in order
to bring to the attention of users of Compaq products the
important security information contained in this Advisory.
Compaq recommends that all users determine the applicability of
this information to their individual situations and take
appropriate action.
Compaq does not warrant that this information is necessarily
accurate or complete for all user situations and, consequently,
Compaq will not be responsible for any damages resulting from
user's use or disregard of the information provided in this
Advisory."
Severity: low
This potential security vulnerability has not been
reproduced for any release of Compaq Tru64 Unix.
However with the information available, we are providing
a patch that will further reduce any potential
vulnerability.
A patch has been made available for all supported
versions of Tru64/ DIGITAL UNIX V4.0f, V4.0g, V5.0a,
V5.1, and V5.1a. To obtain a patch for prior versions
contact your normal Compaq Services support channel.
*This solution will be included in a future distributed
release of Compaq's Tru64 / DIGITAL UNIX.
The patches identified are available from the Compaq FTP site
http://ftp1.support.compaq.com/public/dunix/ then choose the
version directory needed and search for the patch by name.
The patch names are:
DUV40F17-C0056200-11703-ER-20010928.tar
T64V40G17-C0007000-11704-ER-20010928.tar
T64V50A17-C0015500-11705-ER-20010928.tar
T64V5117-C0065200-11706-ER-20010928.tar
T64V51Assb-C0000800-11707-ER-20010928.tar
To subscribe to automatically receive future NEW Security
Advisories from the Software Security Response Team at
Compaq via electronic mail,
Use your browser to get to the
http://www.support.compaq.com/patches/mailing-list.shtml
and sign up. Select "Security and Individual Notices" for
immediate dispatch notifications.
To report a potential security vulnerability for Compaq
products, send email to security-ssrt@compaq.com
If you need further information, please contact your normal
Compaq Services support channel.
Compaq appreciates your cooperation and patience. As always,
Compaq urges you to periodically review your system management
and security procedures. Compaq will continue to review and
enhance the security features of its products and work
with customers to maintain and improve the security and
integrity of their systems.
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1
iQA/AwUBO78nlDnTu2ckvbFuEQKetQCg4wWYlBghvodt3FcggpMWzoYYQNIAoOBu
59ftYye4zJnazHWnZHQqEPBY
=JKbN
-----END PGP SIGNATURE-----
---
You are currently subscribed to security as: ***********************
To unsubscribe send a blank email to *********************@list.support.compaq.com
|
|
