ToolTalk.ttdbserverd.Format.String
Description
It indicates detection of a request sent to a Common Desktop Environment (CDE) ToolTalk Remote Procedure Call (RPC) database server.
The ToolTalk architecture allows custom programs to communicate with each other over a network. ToolTalk-enabled programs communicate using RPC and are managed by the ToolTalk database server (rpc.ttdbserverd). There are many vulnerabilities in rpc.ttdbserverd that may allow attackers to gain access to a target system or execute arbitrary code on it via specially-crafted RPC messages.
Affected Products
Any unprotected Unix based system with tooltalk database server enabled is vulnerable.
Impact
Attackers can gain access to the victim system and execute arbitrary commands including remotely deleting arbitrary files and remotely creating arbitrary directories. Furthermore, an attacker can crash the ToolTalk RPC database server, cause a denial-of-service.
Recommended Actions
Apply a patch from the vendor.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |