Multiple Vendor CDE dtspcd Buffer Overflow Vulnerability

CDE is a Motif-based graphical user environment for UNIX systems. It is shipped with a number of commercial systems.

A buffer-overflow vulnerability in the 'dtspcd' component may allow a remote attacker to gain administrative privileges on the affected host. The overflow is believed to be in the libDtSvc library, which used by the 'Subprocess Control Service'. The overflow is exploitable through the 'dtspcd' service,a server utility that facilitates remote invocation of CDE utilities and commands. The 'dtspcd' service listens on TCP port 6112, runs with root privileges, and is enabled by default (through 'inetd') on many systems.


 

Privacy Statement
Copyright 2010, SecurityFocus