A vulnerability in the Common Desktop Environment (CDE) graphical user interface for the UNIX and Linux operating systems is being
actively exploited in attacks against Solaris systems, the Computer Emergency Response Team Coordination Center (CERT/CC) warned
Monday.
The vulnerability, discovered in November, consists of a remotely exploitable
buffer overflow in a library function used by the CDE Subprocess Control Service (dtspcd), a network daemon that accepts requests
from clients to execute commands and launch applications remotely. CERT said that on systems running CDE dtspcd is spawned by the
Internet services daemon (typically inetd or xinetd) in response to a CDE client request. dtspcd is typically configured to run on
port 6112/tcp with root privileges.
SunOS, Solaris talkd Buffer Overrun Vulnerability::
Exploit information is publicly available. Sun, AUSCERT, and CERT/CC are members of FIRST, the Forum of Incident Response
http://ciac.llnl.gov/ciac/bulletins/h-89.shtmlHOME |
During client negotiation, dtspcd accepts a length value and subsequent data from the client with performing adequate input
validation, CERT said. Using this flaw, an attacker can manipulate data sent to dtspcd, causing a buffer overflow and potentially
gaining the ability to execute code with root privileges.
#228526: Multiple Security Vulnerabilites in Mozilla 1.4 and 1.7 for ::
http://www.kb.cert.org/vuls/id/179014. http://cve.mitre.org/cgi To determine the version of Mozilla on a Solaris system, the following command can be run:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1HOME |
4th quarter (Oct-Dec) 1997, sorted by date::
Re: wwwcount remote exploit (@ Solaris) Jan Wedekind. Security Hole in Explorer 4.0 Aleph One CERT Vendor-Initiated Bulletin VB-97.12 - opengroup Aleph One
http://www.dataguard.no/bugtraq/1997_4/date.htmlHOME |
Many UNIX systems ship with CDE installed and enabled by default.
CERT said it has received reports of scanning for dtspcd (6112/tcp) since the advisory on the vulnerability was released in
November, and now, using network traces provided by The Honeynet Project, CERT said it has confirmed that the vulnerability is being
actively exploited.
CERT Coordination Center::
to incident response, the SEI warns the community of vulnerabilities and CA-93:15.SunOS.and.Solaris.vulnerabilities. CA-93:16.sendmail.vulnerability
http://www.fas.org/irp/congress/1996_hr/s960605m.htmHOME |
Bleeding Edge Threats - markup - Bleeding: rules/bleeding-exploit.rules::
EDGE EXPLOIT CVS server heap overflow attempt (target Solaris); flow: to_server, False negative warning: JPEG ICC can be fragged into multiple chunks.
http://www.bleedingthreats.net/cgi-bin/viewcvs.cgi/rules/bules?rev=1.1767&view=autoHOME |
As a stopgap until patches are available, CERT suggested limiting or blocking access to the Subprocess Control Service from
untrusted networks by using a firewall or other packet-filtering technology. Additionally, CERT said it may be possible to use a TCP
wrapper to provide improved access control and logging functionality for dtspcd connections. CERT also suggested disabling dtspcd by
commenting out the appropriate entry in /etc/inetd.conf.
CERT also noted that several Internet-enabled games may use 6112/tcp as part of a legitimate function.
 Wind River Sends FreeBSD Home
 Palm Unveils Beta Bluetooth SDK
|
CERT Warns of Solaris Exploit 
PRINT
Add to favorites