VID | 23020 |
Severity | 40 |
Port | 6112 |
Protocol | TCP |
Class | X11 |
Detailed Description |
A version of the CDE dtspcd daemon was detected running on the host. CDE (Common Desktop Environment) is a Motif-based graphical user environment for Unix systems, shipped with a number of commercial Unix operating systems. The CDE Subprocess Control Server (dtspcd) is started by the Internet services daemon (inetd) when a CDE client attempts to create a process on the daemon's host. Because of a buffer overflow in dtspcd's connection negotiation routine, a remote attacker could execute arbitrary commands with superuser privileges on the affected host. By sending a specially crafted CDE client request, a remote attacker could overflow the buffer, place exploit code on the heap, and execute arbitrary code on the target host. The Subprocess Control Server daemon is enabled by default on all operating systems with CDE installed. The process runs as the "root" user and accepts remote connections by default.
* Note: This check cannot determine remotely whether the running version is vulnerable, so this finding might be a false positive.
* References: http://xforce.iss.net/alerts/advise101.php http://www.cert.org/advisories/CA-2001-31.html http://www.cert.org/advisories/CA-2002-01.html http://www.kb.cert.org/vuls/id/172583
* Platforms Affected: Systems running CDE Subprocess Control Service (dtspcd) |
Recommendation |
In addition to applying any patches, implement network access control or disable the service completely. 'dtspcd', which listens on TCP port 6112, can be disabled on many systems by commenting out its entry in the inetd configuration file (often '/etc/inetd.conf'). After changing the configuration file, the inetd service must be restarted.
Apply the appropriate patch for your system, as listed in the CERT Advisory CA-2001-31 at http://www.securityfocus.com/bid/3517/solution
* Solaris 10 or later: Open /etc/service, comment out the dtspc entry, and restart inetd. |
Related URL | CVE-2001-0803 (CVE) |
Related URL | 3517 (SecurityFocus) |
Related URL | 7396 (ISS) |
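The inetd step from the recommendation, as an added shell example that is not part of the original advisory: it finds active `dtspc` entries in an inetd-style configuration file and comments them out after saving a backup. The function names, the sample file and the `/usr/dt/bin/dtspcd` path in it are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the advisory. Names and sample data are constructed.

# Write a constructed inetd.conf-style sample to the given path.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp  nowait  root  /usr/sbin/in.ftpd   in.ftpd
dtspc   stream  tcp  nowait  root  /usr/dt/bin/dtspcd  /usr/dt/bin/dtspcd
#shell  stream  tcp  nowait  root  /usr/sbin/in.rshd   in.rshd
EOF
}

# Print active (uncommented) lines whose service-name field is "dtspc".
# Lines starting with "#" have a different first field and are skipped.
active_dtspc_entries() {
    awk '$1 == "dtspc"' "$1"
}

# Comment out every active dtspc entry, keeping the original as FILE.bak.
# Returns 0 if the file was changed, 1 if there was nothing to disable,
# 2 if the backup could not be written.
disable_dtspc() {
    conf=$1
    [ -n "$(active_dtspc_entries "$conf")" ] || return 1
    cp -p "$conf" "$conf.bak" || return 2
    # Rewrite in place from the backup so ownership and mode are preserved.
    awk '$1 == "dtspc" { print "#" $0; next } { print }' "$conf.bak" > "$conf"
}

# Demo on a temporary copy; the real /etc/inetd.conf is never touched here.
demo_conf=$(mktemp)
write_sample_conf "$demo_conf"
if disable_dtspc "$demo_conf"; then
    echo "dtspc entry commented out; restart inetd for it to take effect:"
    diff "$demo_conf.bak" "$demo_conf" || true
fi
rm -f "$demo_conf" "$demo_conf.bak"
```

A second run on an already-edited file returns 1 and leaves the existing backup untouched, so the function is safe to call from a recurring hardening job.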