Flaw Found in Popular Unix, Linux GUI
The CERT Coordination Center (CERT/CC) this week issued an advisory regarding a buffer overflow vulnerability in the Common Desktop Environment (CDE), a graphical user interface employed in numerous Unix and Linux systems. The vulnerability could enable attackers to execute code or cause a denial of service.Discovered by Entercept Security Technologies, the vulnerability exists in the CDE ToolTalk message brokering system, which uses remote procedure calls (RPC) to enable applications on different hosts and platforms to communicate with one another. The specific component vulnerable to attack is the ToolTalk RCP database server, CERT/CC's advisory says.
The database server runs with root privileges on most systems, CERT/CC says, which means an attacker who exploits the vulnerability would likewise have root access to the server. Solutions include disabling the ToolTalk RPC database service until a patch can be applied.
Vendors are in various stages of releasing those patches, but most do not yet have them available. Entercept's alert says the vendors affected are: Caldera, Compaq, Cray, Data General, Fujitsu, Hewlett-Packard, IBM, SGI, Sun Microsystems, The Open Group and Xi Graphics.
Digg
DZone
Reddit
Slashdot
StumbleUpon
del.icio.us
Facebook
FriendFeed
FurlFor more information on the vulnerability, including where to get patches, see the CERT/CC advisory at: http://www.cert.org/advisories/CA-2002-26.html. Entercept's advisory is at: http://www.entercept.com/news/uspr/08-12-02.asp.
Calls for increased regulation in the wake of economic disaster will have a direct impact on storage and e-discovery efforts. Regulations to improve corporate governance and transparency will likely be at the forefront of future regulatory efforts, which will have consequences for e-mail storage and management. Download this Internet.com eBook to learn more.
