Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> RPC >> tooltalk format string

Vulnerability Assessment Details

tooltalk format string
Vulnerability Assessment Summary
Checks the presence of a RPC service

Detailed Explanation for this Vulnerability Assessment

The tooltalk RPC service is running.

There is a format string bug in many versions
of this service, which permit a possible hacker to gain
root remotely.

In addition to this, several versions of this service
permit remote attackers to overwrite abitrary memory
locations with a zero and possibly gain rights
via a file descriptor argument in an AUTH_UNIX
procedure call which is used as a table index by the
_TT_ISCLOSE procedure.

*** This warning may be a false positive since the existence
*** of the bug was not verified locally.

Solution : Disable this service or patch it
See also : CERT Advisories CA-2001-27 and CA-2002-20

Network Security Threat Level: High

Networks Security ID: 3382, 5082

Vulnerability Assessment Copyright: This script is Copyright (C) 2001 Renaud Deraison
Cables, Connectors


Netac DDR4 32GB 16GB DDR4 3200MHz UDIMM C16 Desktop Internal Memory RAM Kit picture

Netac DDR4 32GB 16GB DDR4 3200MHz UDIMM C16 Desktop Internal Memory RAM Kit

$25.99


A-Tech 8GB DDR3 1600 PC3-12800 Laptop SODIMM 204-Pin Memory RAM PC3L DDR3L 1x 8G picture

A-Tech 8GB DDR3 1600 PC3-12800 Laptop SODIMM 204-Pin Memory RAM PC3L DDR3L 1x 8G

$11.99


Samsung 8GB 2Rx8 PC3-12800 DDR3 1600 MHz 1.5V Non-ECC DIMM Desktop Memory RAM 8G picture

Samsung 8GB 2Rx8 PC3-12800 DDR3 1600 MHz 1.5V Non-ECC DIMM Desktop Memory RAM 8G

$9.99


G. SKILL TridentZ RGB 32GB (2 x 16GB) PC4-25600 (DDR4-3200) Memory... picture

G. SKILL TridentZ RGB 32GB (2 x 16GB) PC4-25600 (DDR4-3200) Memory...

$45.00


Crucial - 32GB Kit (2x16GB) DDR4 3200MHz C22 SODIMM Laptop Memory Kit - Green picture

Crucial - 32GB Kit (2x16GB) DDR4 3200MHz C22 SODIMM Laptop Memory Kit - Green

$44.99


Hynix 4GB DDR3 PC3L-12800S 1600MHz 1Rx8 Laptop Memory Ram HMT451S6BFR8A-PB picture

Hynix 4GB DDR3 PC3L-12800S 1600MHz 1Rx8 Laptop Memory Ram HMT451S6BFR8A-PB

$4.99


Hynix 16GB DDR4 2666MHz PC4-21300 ECC RDIMM Server Memory RAM (HMA82GR7AFR4N-VK) picture

Hynix 16GB DDR4 2666MHz PC4-21300 ECC RDIMM Server Memory RAM (HMA82GR7AFR4N-VK)

$13.99


Patriot Viper 16GB (2x8G) DDR3 1600MHz PC3-12800 C9 240-Pin UDIMM Desktop Memory picture

Patriot Viper 16GB (2x8G) DDR3 1600MHz PC3-12800 C9 240-Pin UDIMM Desktop Memory

$20.99


A-Tech 512GB 8x 64GB 4Rx4 PC4-19200 ECC Load Reduced LRDIMM Server Memory RAM picture

A-Tech 512GB 8x 64GB 4Rx4 PC4-19200 ECC Load Reduced LRDIMM Server Memory RAM

$439.92


A-Tech 32GB 2x 16GB PC4-21300 Laptop SODIMM 260-Pin DDR4 2666 MHz Memory RAM Kit picture

A-Tech 32GB 2x 16GB PC4-21300 Laptop SODIMM 260-Pin DDR4 2666 MHz Memory RAM Kit

$53.98


Discussions

No Discussions have been posted on this vulnerability.