today announced the discovery of an implementation fault in the UNIX
ToolTalk object database server.
The problem could allow a remote attacker to break into a single Internet
server, then use it as a stepping stone to infiltrate other corporate
computers, the company said, ultimately obtaining full access and control
of otherwise secure computers inside the network.
By exploiting this vulnerability, an attacker is able to run arbitrary code
on hosts supporting the ToolTalk service.
Security researchers estimate that as many as 70% of all Internet-connected machines could potentially be at risk. The affected program runs on many popular UNIX operating systems supporting the Common Desktop Environment and some Open Windows installs.
A complete technical description of this threat and how to update your
protection is available at the Network Associates Web site.