Multiple Vendor CDE ToolTalk Database Server Heap Corruption Vulnerability

CDE ships with a daemon called the ToolTalk database server. The ToolTalk database server allows for programs designed for use in CDE to communicate with each other. It is enabled by default on most systems shipped with CDE.

A buffer overflow vulnerability has been reported in the ToolTalk RPC database server. The vulnerability exists when invoking the _TT_CREATE_FILE procedure.


 

Privacy Statement
Copyright 2010, SecurityFocus