Multiple Vendor CDE ToolTalk Database Server Heap Corruption Vulnerability

Caldera has stated that OpenUnix and OpenWare are vulnerable to this issue. Fixes are available.

Cray, Inc. ships with ToolTalk within the CrayTools product but the rpc.ttdbserverd is not turned on or used by any Cray provided application.

IBM has stated that AIX 4.3.3 and 5.1.0 are vulnerable to this issue. Efixes are currently being generated and will be available from the following site:

IBM will make available the following APARs in the near future:
AIX 4.3.3: IY32792
AIX 5.1.0: IY32793

SGI is currently investigating the issue.

Sun Microsystems has released patches for the vulnerability.

HP has stated that HP-MPE/ix HP OpenVMS HP NonStop Servers are not vulnerable to this issue. HP has also revised an advisory with fix information. Users running HP-UX 10.10 are advised to contact for fix information.

The following updates are available:


Sun Solaris 7.0

Sun Solaris 9

Sun Solaris 7.0_x86

Sun Solaris 8_x86

Sun Solaris 2.6

Sun Solaris 8_sparc

Sun Solaris 2.6_x86

HP HP-UX 10.20

HP HP-UX 10.24

HP HP-UX 11.0

HP HP-UX 11.0 4

HP HP-UX 11.11

Xi Graphics DeXtop 2.1

IBM AIX 4.3.3

Caldera UnixWare 7.1.1

Caldera OpenUnix 8.0


Privacy Statement
Copyright 2010, SecurityFocus