The RAZOR Security Team Sponsored by BindView





VLAD The Scanner

Vulnerability Information

3.  Remote Procedure Call (RPC) weaknesses in rpc.ttdbserverd (ToolTalk), rpc.cmsd (Calendar Manager), and rpc.statd that allows immediate root compromise.

Version Effected: Multiple UNIX and Linux versions effected.

CVE Entries:  rpc.ttdbserverd (ToolTalk) - CVE-1999-0687, CVE-1999-0693, CVE-1999-0003
                        rpc.cmsd (Calendar Manager) - CVE-1999-0696
                        rpc.statd - CVE-1999-0018, CVE-1999-0019

Details:  Three separate UNIX and Linux services are effected.  The first being rpc.ttdbserverd, an implementation fault in the object database server allows a remote attacker to run arbitrary code as root on hosts supporting the rpc.ttdbserverd service. The second issue is with rpc.cmsd has a known buffer overflow that allows a remote attacker gain root access.  The last issue is in rpc.statd and is an exploit that uses rpc.statd's ability to relay rpc calls to other rpc services without being validated by the access controls of the other rpc services. This can give the attacker the ability to redirect malicious rpc commands through rpc.statd (which runs as root) to services they may not normally have access to.

Reccomendations:  As in most cases, if the services are not required it is recommended that they be turned off or disabled.  On systems requiring any of these services is it recommended that you upgrade to the latest patch level from your vendor.

Additional Information: 

http://www.cert.org/advisories/CA-99-11-CDE.html

http://www.cert.org/advisories/CA-99-05-statd-automountd.html

http://www.cert.org/advisories/CA-99-08-cmsd.html

http://www.cert.org/incident_notes/IN-99-04.html

http://www.sans.org/topten.htm

 

 

Contact: info@razor.bindview.com | | Bindview Home