Discovered by Entercept Security Technologies, the vulnerability exists in the CDE ToolTalk message brokering system, which uses remote procedure calls (RPC) to enable applications on different hosts and platforms to communicate with one another. The specific component vulnerable to attack is the ToolTalk RCP database server, CERT/CC's advisory says.
The database server runs with root privileges on most systems, CERT/CC says, which means an attacker who exploits the vulnerability would likewise have root access to the server. Solutions include disabling the ToolTalk RPC database service until a patch can be applied.
Vendors are in various stages of releasing those patches, but most do not yet have them available. Entercept's alert says the vendors affected are: Caldera, Compaq, Cray, Data General, Fujitsu, Hewlett-Packard, IBM, SGI, Sun Microsystems, The Open Group and Xi Graphics.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i For more information on the vulnerability, including where to get patches, see the CERT/CC advisory at: http://www.cert.org/advisories/CA-2002-26.html. Entercept's advisory is at: http://www.entercept.com/news/uspr/08-12-02.asp.