|
Family: RPC --> Category: infos
tooltalk format string Vulnerability Scan
Vulnerability Scan Summary Checks the presence of a RPC service
Detailed Explanation for this Vulnerability Test
The tooltalk RPC service is running.
There is a format string bug in many versions
of this service, which allow a possible hacker to gain
root remotely.
In addition to this, several versions of this service
allow remote attackers to overwrite abitrary memory
locations with a zero and possibly gain rights
via a file descriptor argument in an AUTH_UNIX
procedure call which is used as a table index by the
_TT_ISCLOSE procedure.
*** This warning may be a false positive since the existence
*** of the bug was not verified locally.
Solution : Disable this service or patch it
See also : CERT Advisories CA-2001-27 and CA-2002-20
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|