CDE ToolTalk RPC Database Server Multiple Vulnerabilities

Information

Severity

High

Family

RPC

CVSSv2 Base

7.5

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Solution Type

Vendor Patch

Created

12 years ago

Modified

5 years ago

Summary

This host is running the CDE ToolTalk Database Server and is prone to multiple vulnerabilities.

Insight

Multiple flaws are due to:

- An error in the handling of symbolic links. The server does not check that the logfile is not a symbolic link. If an attacker creates a symbolic link on the filesystem with the path/filename of the logfile, transaction data will be written to the destination file as root.
- There are no checks to restrict the range of the index value. Consequently, malicious file descriptor values supplied by remote clients may cause writes to occur far beyond the table in memory. The only value written is a NULL word, limiting the consequences.

Affected Software

CDE ToolTalk RPC database server.

Solution

Apply the patch from the referenced advisory.

Common Vulnerabilities and Exposures (CVE)