Vulnerability Name:

CVE-1999-0687 (CCN-3693)

Assigned: 1999-09-13
Published: 1999-09-13
Updated: 2018-10-30
Summary: The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Privileges
References:
Source: CCN
Type: SGI Security Advisory 20020302-01-A
Additional CDE and CDE ToolTalk Vulnerabilities

Source: CCN
Type: BugTraq Mailing List, Mon, 13 Sep 1999 16:06:42 +0200
Vulnerability in ttsession

Source: MITRE
Type: CNA
CVE-1999-0687

Source: CCN
Type: Compaq Services Software Patches SSRT0617U_TTSESSION
Potential Security Problem when using ToolTalk session daemon

Source: CCN
Type: Sun Microsystems, Inc. Security Bulletin #00185
Common Desktop Environment (CDE)

Source: SUN
Type: UNKNOWN
00192

Source: CCN
Type: Sun Microsystems, Inc. Security Bulletin #00192
CDE and OpenWindows

Source: CCN
Type: Hewlett-Packard Company Security Bulletin HPSBUX9909-103
Security Vulnerability in CDE ttsession (Rev.01)

Source: CCN
Type: CERT Advisory CA-1999-11
Four Vulnerabilities in the Common Desktop Environment

Source: CCN
Type: CIAC Information Bulletin K-001
Four Vulnerabilities in the Common Desktop Environment

Source: CIAC
Type: UNKNOWN
K-001

Source: CCN
Type: OSVDB ID: 657
CDE ToolTalk ttsession Weak Authentication Arbitrary Command Execution

Source: CCN
Type: BID-6368
MySQL COM_TABLE_DUMP Memory Corruption Vulnerability

Source: BID
Type: UNKNOWN
637

Source: HP
Type: UNKNOWN
HPSBUX9909-103

Source: XF
Type: UNKNOWN
cde-ttsession-rpc-auth(3693)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:cde:cde:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:cde:cde:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:cde:cde:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:cde:cde:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:cde:cde:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:cde:cde:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:cde:cde:2.120:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:digital:unix:4.0d:*:*:*:*:*:*:*
  • OR cpe:/o:digital:unix:4.0f:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.1:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.1.1:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.1.2:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.1.3:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.1.4:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.1.5:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.2:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.2.1:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.3:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.3.1:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:4.3.2:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:2.4:*:x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:2.5:*:x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:2.5.1:*:x86:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.6:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:7.0:*:x86:*:*:*:*:*
  • OR cpe:/o:sun:sunos:-:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:4.1.3u1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:4.1.4:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.3:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.4:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.5:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.7:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID: oval:org.mitre.oval:def:5571
Class: V
Title: ttsession uses weak RPC authentication mechanism
Last Modified: 2008-12-08
    cde cde 1.0.1
    cde cde 1.0.2
    cde cde 1.1
    cde cde 1.2
    cde cde 2.0
    cde cde 2.1
    cde cde 2.120
    digital unix 4.0d
    digital unix 4.0f
    ibm aix 4.1
    ibm aix 4.1.1
    ibm aix 4.1.2
    ibm aix 4.1.3
    ibm aix 4.1.4
    ibm aix 4.1.5
    ibm aix 4.2
    ibm aix 4.2.1
    ibm aix 4.3
    ibm aix 4.3.1
    ibm aix 4.3.2
    sun solaris 2.4
    sun solaris 2.5
    sun solaris 2.5.1
    sun solaris 2.6
    sun solaris 7.0
    sun sunos -
    sun sunos 4.1.3u1
    sun sunos 4.1.4
    sun sunos 5.3
    sun sunos 5.4
    sun sunos 5.5
    sun sunos 5.5.1
    sun sunos 5.7