RealTime IT News

Buffer Flaw Found in ToolTalk

A remote tool found in a popular Unix and Linux application has a buffer overflow vulnerability, according to a group which publicized the breach Monday.

The common desktop environment ToolTalk database server program, common in most Unix systems around the world, can be hacked into and let unauthorized snoops collect personal information, gain root access to the server and establish back door access.

A team of security experts from Entercept Security Technologies found the bug and reported it to the Computer Emergency Response Team (CERT), which then contacted vendors. Equipment and software affected by the vulnerability are (and the fixes they recommend, if available):

  • Caldera (patch on its site)
  • Compaq Computer
  • Cray (remove the "/opt/ctl/bin/rpc.ttdbserverd" binary)
  • Data General
  • Fujitsu
  • Hewlett-Packard (investigating)
  • IBM (download patch)
  • SGI (investigating)
  • Sun Microsystems (download patch, when available)
  • The Open Group
  • Xi Graphics (download patch).

CERT officials said administrators should disable or block remote access to ToolTalk until systems have been updated.

The Entercept team found the software glitch by flooding the _TT_CREATE_FILE procedure with information, causing it to crash. They were then able to create an executable on the overflow data, giving them "root" access to the server.

Even an unsuccessful buffer overflow breach isn't good news, according to the team, which reported an "unsuccessful exploitation can still cause denial of service on a vulnerable system."

Components of the CDE ToolTalk program have come under the microsoft often this year. In April, two vulnerabilities were found: the first was a faulty file validator that's sent to _TT_ISCLOSE(); the other, a flaw that couldn't tell the difference between a real file and a symbolic link. Both were patched.