The CERT Coordination Center (CERT/CC) this week issued an advisory regarding a buffer overflow vulnerability in the Common Desktop Environment (CDE), a graphical user interface employed in numerous Unix and Linux systems. The vulnerability could enable attackers to execute code or cause a denial of service.

Discovered by Entercept Security Technologies, the vulnerability exists in the CDE ToolTalk message brokering system, which uses remote procedure calls (RPC) to enable applications on different hosts and platforms to communicate with one another. The specific component vulnerable to attack is the ToolTalk RCP database server, CERT/CC's advisory says.

The database server runs with root privileges on most systems, CERT/CC says, which means an attacker who exploits the vulnerability would likewise have root access to the server. Solutions include disabling the ToolTalk RPC database service until a patch can be applied.


Vendors are in various stages of releasing those patches, but most do not yet have them available. Entercept's alert says the vendors affected are: Caldera, Compaq, Cray, Data General, Fujitsu, Hewlett-Packard, IBM, SGI, Sun Microsystems, The Open Group and Xi Graphics.

For more information on the vulnerability, including where to get patches, see the CERT/CC advisory at: http://www.cert.org/advisories/CA-2002-26.html. Entercept's advisory is at: http://www.entercept.com/news/uspr/08-12-02.asp.