SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Generic)  >   ToolTalk (rpc.ttdbserver) Vendors:   [Multiple Authors/Vendors]
(Caldera Issues Fix for Open UNIX) ToolTalk Database Server Format String Flaw Lets Remote Users Gain Root Level Privileges on Several UNIX Operating System Platforms
SecurityTracker Alert ID:  1002687
SecurityTracker URL:  http://securitytracker.com/id/1002687
CVE Reference:   CVE-2001-0717   (Links to External Site)
Date:  Nov 2 2001
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): UnixWare 7, all versions; Open UNIX 8.0.0
Description:   Internet Security Systems warned of a format string vulnerability in several vendors' implementations of the ToolTalk RPC database server (rpc.ttdbserver) that could allow remote users to crash the service or obtain root level privileges on the server.

ToolTalk reportedly contains a syslog() call that accepts unfiltered user-supplied input and will interpret user-supplied formatting arguments, allowing a remote user to supply a specially crafted protocol message to execute arbitrary code via the syslog() call.

ISS notes that the rpc.ttdbserverd is enabled by default on many popular Unix operating systems, even when it is not required.
Impact:   A remote user can cause arbitrary code to be executed with root level privileges, yielding root level access on the server.
Solution:   The vendor has released a fix for UnixWare 7 and Open UNIX 8:

ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.29/

The verification checksums are:

4bbe212984cb84a6d371ec36b2fb47cc erg711780.Z

To upgrade the affected binaries, use the following commands:

# uncompress /tmp/erg711780.Z
# pkgadd -d /tmp/erg711780

See the Source Message for the vendor's advisory.
Vendor URL:  www.calderasystems.com/support/security/ (Links to External Site)
Cause:   Input validation error
Underlying OS:   UNIX (Open UNIX-SCO)

Message History:   This archive entry is a follow-up to the message listed below.
Oct 3 2001 ToolTalk Database Server Format String Flaw Lets Remote Users Gain Root Level Privileges on Several UNIX Operating System Platforms


 Source Message Contents
Date:  Thu, 1 Nov 2001 16:34:06 -0800
Subject:  Security Update: [CSSA-2001-SCO.29] Open UNIX, UnixWare 7: DCE ToolTalk library buffer overflow


--sdtB3X0nJg68CQEu
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: 8bit            

To: bugtraq@securityfocus.com security-announce@lists.securityportal.com announce@lists.caldera.com scoannmod@xenitec.on.ca


___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		Open UNIX, UnixWare 7: DCE ToolTalk library buffer overflow
Advisory number: 	CSSA-2001-SCO.29
Issue date: 		2001 November 1
Cross reference:
___________________________________________________________________________


1. Problem Description
	
	There is a buffer overrun in the DCE ToolTalk library. Several
	programs in /usr/dt/bin use this library.


2. Vulnerable Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	UnixWare 7		All		/usr/dt/lib/libtt.so.1
	Open UNIX		8.0.0		/usr/dt/lib/libtt.so.1


3. Workaround

	None.


4. UnixWare 7, Open UNIX 8

  4.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.29/


  4.2 Verification

	md5 checksums:
	
	4bbe212984cb84a6d371ec36b2fb47cc	erg711780.Z


	md5 is available for download from

		ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	# uncompress /tmp/erg711780.Z
	# pkgadd -d /tmp/erg711780


5. References

	This and other advisories are located at
		http://stage.caldera.com/support/security

	This advisory addresses Caldera Security internal incidents
	sr854237, fz519120, and erg711870.


6. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera International products.


___________________________________________________________________________

--sdtB3X0nJg68CQEu
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjvh6f4ACgkQaqoBO7ipriHTagCcDuPi1uYDO10nRRS8PgYgvmct
m+YAnjiitBBKij20N5g4PHP/MZOQo9Iw
=cwB8
-----END PGP SIGNATURE-----

--sdtB3X0nJg68CQEu--


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC