Matt wrote:

Hi,

Would this impact SuSE 7.2 and is there a fix for SuSE ?

Regards

Matt

...

From Subject Received Cc Sent Bcc CERT Advisory CERT Advisory CA-2001-27 Fri 10/5/01 10:05 PM Fri 10/5/01 7:52 PM

Overview

There is a remotely exploitable format string vulnerability in the CDE ToolTalk RPC database service. This vulnerability could be used to crash the service or execute arbitrary code, potentially allowing an intruder to gain root access. This vulnerability is documented in VU#595507.

This document is available from: http://www.cert.org/advisories/CA-2001-27.html

CDE is the X desktop for sun(and other) OS's, ToolTalk AFAIK is sun sepcific.. so I doubt it... but I could be wrong! - Stuart Harris - <stuart at xinitsystems.com> - Xinit Systems, Building linux the way it should be! www.xinitsystems.com

On Mon, 8 Oct 2001, Matt wrote:

From: Matt To: suse-security@suse.de Date: Mon, 08 Oct 2001 14:42:22 +0100 Subject: [suse-security] Impact on Linux and SuSE ?

Hi,

Would this impact SuSE 7.2 and is there a fix for SuSE ?

SuSE does not contain the daemon (rpc.ttdbserverd or similar) in question and is therefore not vulnerable. I don't know of any Linux distribution that ships this kind of software. People see an increased amount of portscans to port 111 now, which are signs of the vulnerability being actively exploited. The exploit must contact the rpc-portmapper at port 111 to ask for the port of the ttdb server.

This document is available from: http://www.cert.org/advisories/CA-2001-27.html

I'll have to investigate this a bit further to make sure we don't have something that is called differently but might be the same or even use the same codebase. If you don't hear anything very soon, then forget it again! Thanks, Roman. -- - - | Roman Drahtmüller // "You don't need eyes to see, | SuSE GmbH - Security Phone: // you need vision!" | Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless | - -