• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Multiple Vendor ToolTalk RPC Service Overflow Vulnerability

Solution:
This is an implementation problem and can only be resolved completely by applying patches to or replacing affected software.

The following vendors have been confirmed vulnerable, contacted, and have responded with repair information:

Sun Microsystems

Sun plans to release patches this week that relate to the ToolTalk vulnerability for SunOS 5.6, 5.6_x86, 5.5.1, 5.5.1_x86, 5.5 and 5.5_x86.

Sun recommended security patches (including checksums) are available from: http://sunsolve.sun.com/sunsolve/pubpatches/patches.html

Hewlett Packard

HP-UX has been confirmed vulnerable in releases 10.XX and 11.00. HP has made patches available with the following identifications:

HP-UX release 10.10 HP9000 Series 7/800 PHSS_16150 HP-UX release 10.20 HP9000 Series 7/800 PHSS_16147 HP-UX release 10.24 HP9000 Series 7/800 PHSS_16197 HP-UX release 10.30 HP9000 Series 7/800 PHSS_16151 HP-UX release 11.00 HP9000 Series 7/800 PHSS_16148

IBM

IBM AIX has been confirmed vulnerable. IBM's response is as follows:

The version of ttdbserver shipped with AIX is vulnerable. The corresponding APAR's are:

APAR 4.1.x: IX81440 APAR 4.2.x: IX81441 APAR 4.3.x: IX81442

TriTeal

An official response from TriTeal is as follows: The ToolTalk vulnerability will be fixed in the TED4.4 release. For earlier versions of TED, please contact the TriTeal technical support department at support@triteal.com or at http://www.triteal.com/support

Xi Graphics

An official response from Xi Graphics is as follows: Xi Graphics Maximum CDE v1.2.3 is vulnerable to this attack. A patch to correct this problem can be located at:

* ftp://ftp.xig.com:/pub/updates/cde/1.2.3/C1203.002.tar.gz * ftp://ftp.xig.com:/pub/updates/cde/1.2.3/C1203.002.txt

Users of Maximum CDE v1.2.3 are urged to install this update.

Silicon Graphics

Please refer to Silicon Graphics Inc. Security Advisory, "Vulnerability in ToolTalk RPC Service," Number: 19981101-01-A, distributed November 19, 1998 for additional information relating to this vulnerability.

The primary SGI anonymous FTP site for security information and patches is sgigate.sgi.com (204.94.209.1). Security information and patches are located under the directories ~ftp/security and ~ftp/patches, respectively. The Silicon Graphics Security Headquarters Web page is accessible at the URL http://www.sgi.com/Support/security/security.html.


Sun Solaris 2.4

• Sun 102734-05
  

Sun Solaris 2.4_x86

• Sun 108641-01
  

Sun Solaris 2.6_x86

• Sun 105803-05
  

Sun Solaris 2.6

• Sun 105802-05
  

Sun Solaris 2.3

• Sun 101495-03
  

IBM AIX 4.1

• IBM IX81440
  

IBM AIX 4.1.1

• IBM IX81440
  

IBM AIX 4.1.2

• IBM IX81440
  

IBM AIX 4.1.3

• IBM IX81440
  

IBM AIX 4.1.4

• IBM IX81440
  

IBM AIX 4.1.5

• IBM IX81440
  

IBM AIX 4.2

• IBM IX81441
  

IBM AIX 4.2.1

• IBM IX81441
  

IBM AIX 4.3

• IBM IX81442