Oval Definition:oval:org.mitre.oval:def:1099
Revision Date:2010-09-20Version:20
Title:Solaris 9 CDE ToolTalk Database Null Write Vulnerability
Description:CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2002-0677
Platform(s):Sun Solaris 9
Product(s):Common Desktop Environment
Definition Synopsis
  • Software section
  • Solaris 9 Installed
  • AND Toolktalk (SUNWtltk/SUNWtltkx) installed
  • AND NOT Patch 112808-02 or later installed
  • AND Configuration section
  • inetd.conf contains rpc.ttdbserverd
  • AND inetd running
    • BACK