ToolTalk.ttdbserverd.Format.String

description-logoDescription

It indicates detection of a request sent to a Common Desktop Environment (CDE) ToolTalk Remote Procedure Call (RPC) database server.
The ToolTalk architecture allows custom programs to communicate with each other over a network. ToolTalk-enabled programs communicate using RPC and are managed by the ToolTalk database server (rpc.ttdbserverd). There are many vulnerabilities in rpc.ttdbserverd that may allow attackers to gain access to a target system or execute arbitrary code on it via specially-crafted RPC messages.

affected-products-logoAffected Products

Any unprotected Unix based system with tooltalk database server enabled is vulnerable.

Impact logoImpact

Attackers can gain access to the victim system and execute arbitrary commands including remotely deleting arbitrary files and remotely creating arbitrary directories. Furthermore, an attacker can crash the ToolTalk RPC database server, cause a denial-of-service.

recomended-action-logoRecommended Actions

Apply a patch from the vendor.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

1 1