RPC: TT Malformed RPC Message Format String

This signature detects attempts to exploit a known vulnerability in the ToolTalk rpc.ttdbserverd used in the Common Desktop Environment (CDE) for Solaris, IRIX, HP-UX, and other platforms. The ToolTalk messaging server uses ttsession and RPC calls to enable communication between independent applications. Attackers can embed arbitrary commands in a maliciously crafted RPC message to cause the server to overflow an automatic variable on the stack, overwrite the activation records stored on the stack, and execute the embedded commands. A successful attack can give the attacker complete control of server processes.

Extended Description

CDE ships with a daemon called the ToolTalk database server, which allows programs designed for use in CDE to communicate with each other. The server is enabled by default on most systems shipped with CDE. The ToolTalk database server contains a remotely exploitable format-string vulnerability. Remote attackers may be able to cause a denial of service or gain root access on the target host.

Affected Products

Compaq Tru64

References

BugTraq: 3382

CVE: CVE-2001-0717

Short Name: RPC:RPC.TTDBSERVER:TT-MAL-FS

Severity: Major

Recommended: False

Recommended Action: Drop

Category: RPC

Keywords: CVE-2001-0717 Format Malformed Message RPC String TT bid:3382

Release Date: 01/11/2006

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3336

Port: RPC/100083

False Positive: Unknown

Vendors

IBM

Sun

HP

SGI

Caldera

Compaq

CVSS Score

10.0
