APP: CDE dtspcd Overflow
This signature detects attempts to exploit a known vulnerability against CDE, a Motif-based GUI for UNIX systems. Attackers can use dtspcd, a server program that listens on TCP/6112, to overflow the buffer in the libDtSvc library and gain administrative privileges. This signature can also trigger on Bittorent traffic running on TCP/6112.
Extended Description
CDE is a Motif-based graphical user environment for UNIX systems. It is shipped with a number of commercial systems. A buffer-overflow vulnerability in the 'dtspcd' component may allow a remote attacker to gain administrative privileges on the affected host. The overflow is believed to be in the libDtSvc library, which used by the 'Subprocess Control Service'. The overflow is exploitable through the 'dtspcd' service,a server utility that facilitates remote invocation of CDE utilities and commands. The 'dtspcd' service listens on TCP port 6112, runs with root privileges, and is enabled by default (through 'inetd') on many systems.
Affected Products
Compaq tru64
Short Name
APP:CDE-DTSPCD-OF
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
CA-2001-31 CDE CVE-2001-0803 Overflow bid:3517 dtspcd
Release Date
04/25/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3408
Port
TCP/6112
False Positive
Unknown
Vendors
Ibm
Sun
Hp
Sgi
Xi_graphics
Caldera
Open_group
Compaq
CVSS Score
10.0