Vulnerability CVE-1999-0003 - CERT Civis.Net

Vulnerability Name:

CVE-1999-0003 (CCN-1408)

Assigned:

1998-04-01

Published:

1998-04-01

Updated:

2018-10-30

Summary:

Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: SGI Security Advisory 19981101-01-A
Vulnerability in ToolTalk RPC Service

Source: SGI
Type: UNKNOWN
19981101-01-A

Source: CCN
Type: SGI Security Advisory 19981101-01-PX
Vulnerability in ToolTalk RPC Service

Source: SGI
Type: UNKNOWN
19981101-01-PX

Source: CCN
Type: SGI Security Advisory 20020302-01-A
Additional CDE and CDE ToolTalk Vulnerabilities

Source: CCN
Type: CIAC Information Bulletin I-090
HP-UX dtmail/rpc.ttdbserverd Vulnerability

Source: MITRE
Type: CNA
CVE-1999-0003

Source: CCN
Type: Network Associates, Inc. COVERT Labs Security Advisory #29, August 31, 1998
Stack Overflow in ToolTalk RPC Service

Source: CCN
Type: CERT Advisory CA-1998-11
Vulnerability in ToolTalk RPC Service

Source: CCN
Type: CERT Incident Note IN-1999-04
Similar Attacks Using Various RPC Services

Source: CCN
Type: OSVDB ID: 4505
CDE ToolTalk RPC Service Remote Overflow

Source: CCN
Type: Hewlett-Packard Company Security Bulletin HPSBUX9808-084
Security Vulnerability in dtmail/rpc.ttdbserverd on HP-UX

Source: CCN
Type: SCO Security Web site
Security Fixes

Source: BID
Type: UNKNOWN
122

Source: CCN
Type: BID-122
Multiple Vendor ToolTalk RPC Service Overflow Vulnerability

Source: CCN
Type: FedCIRC Advisory FA-98.88
HP-UX dtmail/rpc.ttdbserverd Vulnerability

Source: XF
Type: UNKNOWN
tooltalk(1408)

Vulnerable Configuration:

Configuration 1:

cpe:/a:tritreal:ted_cde:4.3:*:*:*:*:*:*:*

OR cpe:/o:sgi:irix:5.2:*:*:*:*:*:*:*

OR cpe:/o:sgi:irix:5.3:*:*:*:*:*:*:*

OR cpe:/o:sgi:irix:6.0:*:*:*:*:*:*:*

OR cpe:/o:sgi:irix:6.1:*:*:*:*:*:*:*

OR cpe:/o:sgi:irix:6.2:*:*:*:*:*:*:*

OR cpe:/o:sgi:irix:6.3:*:*:*:*:*:*:*

OR cpe:/o:sgi:irix:6.4:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:hp:hp-ux:10.01:*:*:*:*:*:*:*

OR cpe:/o:hp:hp-ux:10.02:*:*:*:*:*:*:*

OR cpe:/o:hp:hp-ux:10.03:*:*:*:*:*:*:*

OR cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:4.1:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:4.1.1:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:4.1.2:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:4.1.3:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:4.1.4:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:4.1.5:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:4.2:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:4.2.1:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:4.3:*:*:*:*:*:*:*

OR cpe:/o:sun:sunos:5.6:*:*:*:*:*:*:*

OR cpe:/o:sun:sunos:-:*:*:*:*:*:*:*

OR cpe:/o:sun:sunos:4.1.3:*:*:*:*:*:*:*

OR cpe:/o:sun:sunos:5.0:*:*:*:*:*:*:*

OR cpe:/o:sun:sunos:5.1:*:*:*:*:*:*:*

OR cpe:/o:sun:sunos:5.2:*:*:*:*:*:*:*

OR cpe:/o:sun:sunos:5.3:*:*:*:*:*:*:*

OR cpe:/o:sun:sunos:5.4:*:*:*:*:*:*:*

OR cpe:/o:sun:sunos:5.5:*:*:*:*:*:*:*

OR cpe:/o:sun:sunos:5.5.1:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:hp:hp-ux:10.20:*:*:*:*:*:*:*

AND

cpe:/o:ibm:aix:*:*:*:*:*:*:*:*

OR cpe:/o:windriver:bsdos:*:*:*:*:*:*:*:*

OR cpe:/o:hp:hp-ux:*:*:*:*:*:*:*:*

OR cpe:/o:sgi:irix:*:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:*

OR cpe:/o:sun:solaris:*:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:4.2.1:*:*:*:*:*:*:*

OR cpe:/a:data_general:dg_ux:*:*:*:*:*:*:*:*

OR cpe:/o:sgi:irix:5.3:*:*:*:*:*:*:*

OR cpe:/o:sgi:irix:6.2:*:*:*:*:*:*:*

OR cpe:/o:sgi:irix:6.3:*:*:*:*:*:*:*

OR cpe:/o:sgi:irix:6.4:*:*:*:*:*:*:*

OR cpe:/o:sun:sunos:5.3:*:*:*:*:*:*:*

OR cpe:/o:sun:sunos:5.5.1:*:*:*:*:*:*:*

OR cpe:/o:sun:sunos:4.1:*:*:*:*:*:*:*

OR cpe:/o:sun:sunos:4.1.3:*:*:*:*:*:*:*

OR cpe:/o:sun:sunos:5.6:*:*:*:*:*:*:*

OR cpe:/o:hp:hp-ux:10.10:*:*:*:*:*:*:*

OR cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*

OR cpe:/o:hp:hp-ux:10.30:*:*:*:*:*:*:*

OR cpe:/o:sco:unix:*:*:*:*:*:*:*:*

OR cpe:/o:sco:unixware:7.0.0:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:4.3:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:4.3.2:*:*:*:*:*:*:*

OR cpe:/o:compaq:tru64:*:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:4.3.3:*:*:*:*:*:*:*

OR cpe:/o:sun:sunos:4.1.1:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:4.3.1:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:4.1.1:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:4.1.2:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:4.1.3:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:4.1.4:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:4.1.5:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:4.2.0:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:4.2.1.12:*:*:*:*:*:*:*

Denotes that component is vulnerable