Multiple Vendor ToolTalk RPC Service Overflow Vulnerability
This is an implementation problem and can only be resolved completely by applying patches to or replacing affected software.
The following vendors have been confirmed vulnerable, contacted, and have responded with repair information:
Sun plans to release patches this week that relate to the ToolTalk vulnerability for SunOS 5.6, 5.6_x86, 5.5.1, 5.5.1_x86, 5.5 and 5.5_x86.
Sun recommended security patches (including checksums) are available from: http://sunsolve.sun.com/sunsolve/pubpatches/patches.html
HP-UX has been confirmed vulnerable in releases 10.XX and 11.00. HP has made patches available with the following identifications:
HP-UX release 10.10, HP9000 Series 7/800: PHSS_16150
HP-UX release 10.20, HP9000 Series 7/800: PHSS_16147
HP-UX release 10.24, HP9000 Series 7/800: PHSS_16197
HP-UX release 10.30, HP9000 Series 7/800: PHSS_16151
HP-UX release 11.00, HP9000 Series 7/800: PHSS_16148
IBM AIX has been confirmed vulnerable. IBM's response is as follows:
The version of ttdbserver shipped with AIX is vulnerable. The corresponding APAR's are:
APAR 4.1.x: IX81440
APAR 4.2.x: IX81441
APAR 4.3.x: IX81442
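The HP and IBM responses above give one patch or APAR identifier per release, and the practical follow-up for an administrator is to confirm that the right one is actually installed on each host. The script below is an added example, not part of the advisory or any vendor's tooling: it encodes the release-to-patch mappings exactly as the advisory lists them and checks a patch inventory for the matching identifier as a whole token. The inventory strings are constructed stand-ins for what `swlist -l product` (HP-UX) or `instfix -i` (AIX) would print on the host being checked.

```shell
#!/bin/sh
# Added example (not from the advisory or any vendor): look up the patch
# the advisory names for a given HP-UX release or AIX level, then check a
# patch inventory for it. Release-to-patch mappings are the advisory's;
# the inventory text is a constructed stand-in for the output of
# `swlist -l product` (HP-UX) or `instfix -i` (AIX) on the host checked.

# required_patch OS RELEASE -> prints the patch/APAR id, or fails if the
# advisory lists nothing for that release.
required_patch() {
    case "$1:$2" in
        hpux:10.10) echo PHSS_16150 ;;
        hpux:10.20) echo PHSS_16147 ;;
        hpux:10.24) echo PHSS_16197 ;;
        hpux:10.30) echo PHSS_16151 ;;
        hpux:11.00) echo PHSS_16148 ;;
        aix:4.1|aix:4.1.*) echo IX81440 ;;
        aix:4.2|aix:4.2.*) echo IX81441 ;;
        aix:4.3|aix:4.3.*) echo IX81442 ;;
        *) return 1 ;;
    esac
}

# patch_status OS RELEASE INVENTORY -> patched | missing | unknown-release
# The id must appear as a whole token so that a prefix such as PHSS_1614
# in the inventory does not count as PHSS_16147.
patch_status() {
    id=$(required_patch "$1" "$2") || { echo unknown-release; return 0; }
    if printf '%s\n' "$3" | grep -Eq "(^|[^A-Za-z0-9_])$id([^A-Za-z0-9_]|$)"; then
        echo patched
    else
        echo missing
    fi
}

# Constructed sample inventories (not real command output).
SAMPLE_HPUX_INVENTORY="  PHCO_00000  1.0  constructed placeholder entry
  PHSS_16147  1.0  constructed ToolTalk patch entry"
SAMPLE_AIX_INVENTORY="All filesets for IX81441 were found."

# Stand-alone run: report status for a few release/inventory pairs.
for pair in "hpux 10.20" "hpux 11.00" "aix 4.2.1" "aix 3.2.5"; do
    set -- $pair
    case "$1" in hpux) inv=$SAMPLE_HPUX_INVENTORY ;; *) inv=$SAMPLE_AIX_INVENTORY ;; esac
    printf '%s %s: %s\n' "$1" "$2" "$(patch_status "$1" "$2" "$inv")"
done
```

On a real host, replace the sample inventory with the captured command output and the release with the value reported by `uname -r` (HP-UX) or `oslevel` (AIX). A release the advisory does not list (for example HP-UX 10.01) is reported as `unknown-release` rather than guessed, since the advisory names no patch for it.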
An official response from TriTeal is as follows: The ToolTalk vulnerability will be fixed in the TED4.4 release. For earlier versions of TED, please contact the TriTeal technical support department at email@example.com or at http://www.triteal.com/support
An official response from Xi Graphics is as follows: Xi Graphics Maximum CDE v1.2.3 is vulnerable to this attack. A patch to correct this problem can be located at:
* ftp://ftp.xig.com:/pub/updates/cde/1.2.3/C1203.002.tar.gz
* ftp://ftp.xig.com:/pub/updates/cde/1.2.3/C1203.002.txt
Users of Maximum CDE v1.2.3 are urged to install this update.
Please refer to Silicon Graphics Inc. Security Advisory, "Vulnerability in ToolTalk RPC Service," Number: 19981101-01-A, distributed November 19, 1998 for additional information relating to this vulnerability.
The primary SGI anonymous FTP site for security information and patches is sgigate.sgi.com (22.214.171.124). Security information and patches are located under the directories ~ftp/security and ~ftp/patches, respectively. The Silicon Graphics Security Headquarters Web page is accessible at the URL http://www.sgi.com/Support/security/security.html.
Sun Solaris 2.4
Sun Solaris 2.4_x86
Sun Solaris 2.6_x86
Sun Solaris 2.6
Sun Solaris 2.3
IBM AIX 4.1
IBM AIX 4.1.1
IBM AIX 4.1.2
IBM AIX 4.1.3
IBM AIX 4.1.4
IBM AIX 4.1.5
IBM AIX 4.2
IBM AIX 4.2.1
IBM AIX 4.3