Preface: rpc.tooltalkd overflowLogo -Internet Security Systems

rpc.tooltalkd overflow
advICE :Intrusions : 2001703
 FAQ
Oh my gosh, I'm being HACKED!!!
How do I report the hacker to my ISP?
I'm seeing lots of attacks, is this normal?
Summary

Intruder is attempting to exploit the buffer overflow weakness in ToolTalk.

ToolTalk details

ToolTalk is an interprocess communication facility built on top of SunRPC. It allows two applications to exchange ToolTalk messages.

A bug exists in the backend database server (rpc.ttdbserverd). A buffer overflow exploit in the RPC message can be used to execute code within the server process, which normally runs with root privileges.

Defense

The rpc.ttdbserverd should be disabled unless absolutely needed. This service should be firewalled. The latest patches should be applied.

 more information
CERT: CA-98.11.tooltalk  
 
CIAC: I-091   Stack Overflow in ToolTalk RPC Service
 
advICE: ToolTalk  
 
advICE: Buffer overflows  
More about this general class of attacks, which is the root cause of many attacks on the Internet.  
BugtraqID: 122   Multiple Vendor ToolTalk RPC Service Overflow Vulnerability
 
DEC: ToolTalk FAQ  
 
CVE-1999-0003   tooltalk overflow
 
NAI Advisory: 029   Stack Overflow in ToolTalk RPC Service
 

 parametric information
lengthThe length field - this number is larger than expected, thus indicating a possible buffer overflow attempt.

 
Version appeared:
Privacy Policy |  Copyright Info