Multiple Vendor ToolTalk RPC Service Overflow Vulnerability

This is an implementation problem and can only be resolved completely by applying patches to or replacing affected software.

The following vendors have been confirmed vulnerable, contacted, and have responded with repair information:

Sun Microsystems

Sun plans to release patches this week that relate to the ToolTalk vulnerability for SunOS 5.6, 5.6_x86, 5.5.1, 5.5.1_x86, 5.5 and 5.5_x86.

Sun recommended security patches (including checksums) are available from:

Hewlett Packard

HP-UX has been confirmed vulnerable in releases 10.XX and 11.00. HP has made patches available with the following identifications:

  • HP-UX release 10.10 HP9000 Series 7/800 PHSS_16150
  • HP-UX release 10.20 HP9000 Series 7/800 PHSS_16147
  • HP-UX release 10.24 HP9000 Series 7/800 PHSS_16197
  • HP-UX release 10.30 HP9000 Series 7/800 PHSS_16151
  • HP-UX release 11.00 HP9000 Series 7/800 PHSS_16148


IBM AIX has been confirmed vulnerable. IBM's response is as follows:

The version of ttdbserver shipped with AIX is vulnerable. The corresponding APARs are:

  • APAR 4.1.x: IX81440
  • APAR 4.2.x: IX81441
  • APAR 4.3.x: IX81442


An official response from TriTeal is as follows: The ToolTalk vulnerability will be fixed in the TED4.4 release. For earlier versions of TED, please contact the TriTeal technical support department at or at

Xi Graphics

An official response from Xi Graphics is as follows: Xi Graphics Maximum CDE v1.2.3 is vulnerable to this attack. A patch to correct this problem can be located at:


Users of Maximum CDE v1.2.3 are urged to install this update.

Silicon Graphics

Please refer to Silicon Graphics Inc. Security Advisory, "Vulnerability in ToolTalk RPC Service," Number: 19981101-01-A, distributed November 19, 1998 for additional information relating to this vulnerability.

The primary SGI anonymous FTP site for security information and patches is ( Security information and patches are located under the directories ~ftp/security and ~ftp/patches, respectively. The Silicon Graphics Security Headquarters Web page is accessible at the URL

Sun Solaris 2.4
  • Sun 102734-05

Sun Solaris 2.4_x86
  • Sun 108641-01

Sun Solaris 2.6_x86
  • Sun 105803-05

Sun Solaris 2.6
  • Sun 105802-05

Sun Solaris 2.3
  • Sun 101495-03

  • IBM IX81440

IBM AIX 4.1.1
  • IBM IX81440

IBM AIX 4.1.2
  • IBM IX81440

IBM AIX 4.1.3
  • IBM IX81440

IBM AIX 4.1.4
  • IBM IX81440

IBM AIX 4.1.5
  • IBM IX81440

  • IBM IX81441

IBM AIX 4.2.1
  • IBM IX81441

  • IBM IX81442


Copyright 2010, SecurityFocus