Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: RPC --> Category: infos

tooltalk format string Vulnerability Scan

Vulnerability Scan Summary
Checks the presence of a RPC service

Detailed Explanation for this Vulnerability Test

The tooltalk RPC service is running.

There is a format string bug in many versions
of this service, which allow a possible hacker to gain
root remotely.

In addition to this, several versions of this service
allow remote attackers to overwrite abitrary memory
locations with a zero and possibly gain rights
via a file descriptor argument in an AUTH_UNIX
procedure call which is used as a table index by the
_TT_ISCLOSE procedure.

*** This warning may be a false positive since the existence
*** of the bug was not verified locally.

Solution : Disable this service or patch it
See also : CERT Advisories CA-2001-27 and CA-2002-20

Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.