[UNIX] Multi-Vendor Buffer Overflow Vulnerability in CDE Subprocess Control Service
From: support@securiteam.comDate: 11/18/01
- Previous message: support@securiteam.com: "[NEWS] Several JavaScript Vulnerabilities Found in Opera"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Subject: [UNIX] Multi-Vendor Buffer Overflow Vulnerability in CDE Subprocess Control Service Message-Id: <20011118122655.2DF73138BF@mail.der-keiler.de> Date: Sun, 18 Nov 2001 13:26:55 +0100 (CET)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Multi-Vendor Buffer Overflow Vulnerability in CDE Subprocess Control
Service
------------------------------------------------------------------------
SUMMARY
Internet Security Systems (ISS) X-Force has discovered a buffer overflow
in the Subprocess Control Server (dtspcd) in all Unix variants running CDE
(Common Desktop Environment) system. The vulnerability in the dtspcd
daemon may allow remote attackers to execute arbitrary commands on a
target system with super user privilege.
DETAILS
Affected versions:
Many Unix vendors are affected by this vulnerability.
ISS X-Force has been working with CERT on this issue. Please refer to the
CERT advisory at the following address for the current list of vulnerable
versions:
<http://www.cert.org/advisories/CA-2001-31.html>
http://www.cert.org/advisories/CA-2001-31.html
CDE is the default X-Windows GUI environment shipped with newer versions
of Sun Solaris and many other Unix variants. The Subprocess Control Server
daemon is not intended to be run by normal users and is spawned by other
components within the CDE system. Dtspcd is started by the Internet
services daemon (inetd) when a CDE client attempts to create a process on
the daemon's host.
A buffer overflow condition exists in the connection negotiation routine
within dtpscd. A remote attacker can generate a specially crafted CDE
client request to take advantage of the flaw and overflow exploit code
onto the heap. The attacker can use this exploit code to execute arbitrary
commands on the target system.
The Subprocess Control Server daemon is enabled by default on all
operating systems with CDE installed. This process is run by the "root"
user and accepts remote connections by default.
Recommendations:
This advisory was tentatively scheduled for release in December 2001. The
issue was made public in the following announcement before most vendors
were able to make patches available:
<ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.30/>
ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.30/
ISS X-Force encourages all affected users to check with your individual
vendors for patch availability. Users should take steps to disable or
limit access to the vulnerable service until patches are made available.
ADDITIONAL INFORMATION
The information has been provided by <mailto:xforce@iss.net> X-Force.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[NEWS] Several JavaScript Vulnerabilities Found in Opera"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
