CVE-2002-0679

Current Description

Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.

Basic Data

Published: September 05, 2002
Last Modified: October 30, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 10.0
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
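    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Caldera | Unixware | 7.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Caldera | Unixware | 7.1.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Caldera | Unixware | 7.1.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xi Graphics | Dextop | 2.1 | * | * | * | * | * | * | * | | | | |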
  • OR - Configuration 2
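    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | OS | Caldera | Openunix | 8.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Compaq | Tru64 | 4.0f | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Compaq | Tru64 | 4.0g | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Compaq | Tru64 | 5.0a | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Compaq | Tru64 | 5.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Compaq | Tru64 | 5.1a | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Hp | Hp-ux | 10.10 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Hp | Hp-ux | 10.20 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Hp | Hp-ux | 10.24 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Hp | Hp-ux | 11.00 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Hp | Hp-ux | 11.11 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Ibm | Aix | 4.3.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Ibm | Aix | 5.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Sun | Solaris | 2.6 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Sun | Solaris | 9.0 | * | sparc | * | * | * | * | * | | | | |
    | 2.3 | OS | Sun | Sunos | 5.5.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Sun | Sunos | 5.7 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Sun | Sunos | 5.8 | * | * | * | * | * | * | * | | | | |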

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Xi Graphics | Dextop | 2.1 |
| Caldera | Openunix | 8.0 |
| Caldera | Unixware | 7.0, 7.1.0, 7.1.1 |
| Hp | Hp-ux | 10.10, 10.20, 10.24, 11.00, 11.11 |
| Ibm | Aix | 4.3.3, 5.1 |
| Sun | Solaris | 2.6, 9.0 |
| Sun | Sunos | 5.5.1, 5.7, 5.8 |
| Compaq | Tru64 | 4.0f, 4.0g, 5.0a, 5.1, 5.1a |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| 20020812 ENTERCEPT RICOCHET ADVISORY: Multi-Vendor CDE ToolTalk Database | BUGTRAQ | http://marc.info/?l=bugtraq&m=102917002523536&w=2 | |
| http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F46366&zone_32=category%3Asecurity | CONFIRM | http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F46366&zone_32=category%3Asecurity | |
| CA-2002-26 | CERT | http://www.cert.org/advisories/CA-2002-26.html | US Government Resource |
| tooltalk-ttdbserverd-ttcreatefile-bo(9822) | XF | http://www.iss.net/security_center/static/9822.php | |
| VU#387387 | CERT-VN | http://www.kb.cert.org/vuls/id/387387 | PATCH Third Party Advisory US Government Resource |
| 5444 | BID | http://www.securityfocus.com/bid/5444 | |
| IY32792 | AIXAPAR | http://www-1.ibm.com/support/search.wss?rs=0&q=IY32792&apar=only | |
| IY32793 | AIXAPAR | http://www-1.ibm.com/support/search.wss?rs=0&q=IY32793&apar=only | |
| HPSBUX0207-199 | HP | http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0207-199 | |
| oval:org.mitre.oval:def:177 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A177 | |
| oval:org.mitre.oval:def:192 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A192 | |