Monday, December 9, 2024

Flaw Found in Popular Unix, Linux GUI

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

The CERT Coordination Center (CERT/CC) this week issued an advisory regarding a buffer overflow vulnerability in the Common Desktop Environment (CDE), a graphical user interface employed in numerous Unix and Linux systems. The vulnerability could enable attackers to execute code or cause a denial of service.

Discovered by Entercept Security Technologies, the vulnerability exists in the CDE ToolTalk message brokering system, which uses remote procedure calls (RPC) to enable applications on different hosts and platforms to communicate with one another. The specific component vulnerable to attack is the ToolTalk RCP database server, CERT/CC’s advisory says.

The database server runs with root privileges on most systems, CERT/CC says, which means an attacker who exploits the vulnerability would likewise have root access to the server. Solutions include disabling the ToolTalk RPC database service until a patch can be applied.

Vendors are in various stages of releasing those patches, but most do not yet have them available. Entercept’s alert says the vendors affected are: Caldera, Compaq, Cray, Data General, Fujitsu, Hewlett-Packard, IBM, SGI, Sun Microsystems, The Open Group and Xi Graphics.

For more information on the vulnerability, including where to get patches, see the CERT/CC advisory at: http://www.cert.org/advisories/CA-2002-26.html.Entercept’s advisory is at: http://www.entercept.com/news/uspr/08-12-02.asp.

Subscribe to Data Insider

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

Similar articles

Get the Free Newsletter!

Subscribe to Data Insider for top news, trends & analysis

Latest Articles