Internet Security Systems (ISS) X-Force has discovered a buffer overflow in the Subprocess Control Server (dtspcd) on all Unix variants running the CDE (Common Desktop Environment) system. The vulnerability in the dtspcd daemon may allow remote attackers to execute arbitrary commands on a target system with superuser privileges.
Credit:
The information has been provided by X-Force.
Affected versions:
Many Unix vendors are affected by this vulnerability.
ISS X-Force has been working with CERT on this issue. Please refer to the CERT advisory at the following address for the current list of vulnerable versions:
http://www.cert.org/advisories/CA-2001-31.html
CDE is the default X Window GUI environment shipped with newer versions of Sun Solaris and many other Unix variants. The Subprocess Control Server daemon is not intended to be run by normal users and is spawned by other components within the CDE system. Dtspcd is started by the Internet services daemon (inetd) when a CDE client attempts to create a process on the daemon's host.
A buffer overflow condition exists in the connection negotiation routine within dtspcd. A remote attacker can generate a specially crafted CDE client request to take advantage of the flaw and overflow the heap, placing exploit code there. The attacker can use this exploit code to execute arbitrary commands on the target system.
The Subprocess Control Server daemon is enabled by default on all operating systems with CDE installed. This process is run by the "root" user and accepts remote connections by default.
Recommendations:
This advisory was tentatively scheduled for release in December 2001. The issue was made public in the following announcement before most vendors were able to make patches available: ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.30/
ISS X-Force encourages all affected users to check with their individual vendors for patch availability. Users should take steps to disable or limit access to the vulnerable service until patches are made available.
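One way to carry out the interim mitigation above, as an added example that is not part of the advisory: comment out the inetd entry that spawns dtspcd so inetd stops starting the daemon, then verify no active entry remains. It assumes the classic inetd.conf layout (service name "dtspc" in the first field, program path containing "dtspcd"); the sample file is constructed, and the HUP-to-inetd step is the usual way to make inetd reread its configuration.

```sh
#!/bin/sh
# Added example (not from the advisory): disable the dtspcd service in an
# inetd.conf-style file until vendor patches are installed.

# Comment out every active (uncommented) entry for dtspc/dtspcd.
# A backup copy is kept so the entry can be restored after patching.
disable_dtspcd() {
    conf="$1"
    cp "$conf" "$conf.bak"
    sed -e '/^[^#].*dtspcd/s/^/#/' \
        -e '/^dtspc[[:space:]]/s/^/#/' "$conf" > "$conf.tmp" \
        && mv "$conf.tmp" "$conf"
}

# Return 0 (true) when no active dtspc/dtspcd entry is left in the file.
dtspcd_disabled() {
    ! grep -E '^([^#].*dtspcd|dtspc[[:space:]])' "$1" >/dev/null
}

# Ask inetd to reread its configuration (assumes pkill is available;
# not run by the test below).
reload_inetd() {
    pkill -HUP inetd
}

# Constructed sample inetd.conf with one active and one already-disabled
# dtspc entry, used to exercise the functions above.
write_sample_inetd_conf() {
    cat > "$1" <<'EOF'
ftp     stream  tcp  nowait  root  /usr/sbin/in.ftpd     in.ftpd
dtspc   stream  tcp  nowait  root  /usr/dt/bin/dtspcd    /usr/dt/bin/dtspcd
#dtspc  stream  tcp  nowait  root  /usr/dt/bin/dtspcd    /usr/dt/bin/dtspcd
telnet  stream  tcp  nowait  root  /usr/sbin/in.telnetd  in.telnetd
EOF
}
```

On a live host the target file is /etc/inetd.conf, followed by reload_inetd; limiting access at the network border (dtspcd conventionally listens on 6112/tcp, a detail not stated in this advisory) is the complementary step.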