CERT: Security flaws threaten Unix and Linux systems


Two security holes in a graphical user interface common on Unix and Linux systems from vendors such as IBM, Sun Microsystems and Hewlett-Packard could allow an attacker to launch a denial of service attack or overwrite files on affected systems, according to a leading US security body.

The warning comes in a bulletin from the Computer Emergency Response Team/Co-ordination Centre (CERT/CC).

The flaws exist in the ToolTalk component of Common Desktop Environment (CDE), a tool used to add a graphical interface to systems running Unix and Linux that traditionally use command line interfaces.

The ToolTalk system is used to give applications a way to send messages to each other across platforms and systems, CERT/CC said in its advisory. CERT/CC is the US government-funded computer and network security group based at Carnegie Mellon University in Pittsburgh.

The ToolTalk RPC database server, the part of ToolTalk that contains both security holes, manages the communication between ToolTalk applications, CERT/CC said.

The first vulnerability exists because the ToolTalk RPC database server fails to fully validate the information that it passes to another procedure in the software, CERT/CC said.

The remotely exploitable vulnerability could allow an attacker who combines a memory-overwriting attack with legitimate requests to delete any file accessible to the ToolTalk RPC database server, CERT/CC said. Because that component normally runs with root privileges, any file on an affected system could be deleted, the group said.

The deletion of files could lead to a denial of service, CERT/CC said. It may also be possible to execute arbitrary code on vulnerable systems, the group said.

The second vulnerability, which is exploitable only by an attacker with local access to the affected system, exists because the ToolTalk RPC database server does not properly validate file operations, CERT/CC said.

Because the operations are inadequately validated, a specially crafted symbolic link in certain ToolTalk requests could be used to overwrite any files accessible to the database server, the group said. Such an attack could lead to privilege escalation or a denial of service attack, CERT/CC said.
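The kind of file-operation check whose absence the second flaw describes can be sketched in C. This is an added illustration, not code from the CERT/CC advisory or from any vendor's ToolTalk source; `open_checked` and `demo` are hypothetical names and the temporary paths are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open a request-supplied path for writing, refusing
 * symlinks and anything that is not a singly linked regular file. */
int open_checked(const char *path)
{
    /* O_NOFOLLOW fails with ELOOP if the final component is a symlink.
     * No O_TRUNC: never destroy data before the checks have passed. */
    int fd = open(path, O_WRONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    /* fstat the descriptor, not the path, so the check cannot be raced. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed scenario: a "victim" file and a symlink that points at it.
 * Returns 1 if the symlink is refused and the plain file is accepted. */
int demo(void)
{
    char dir[] = "/tmp/ttdemoXXXXXX";
    char victim[64], lnk[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/request", dir);
    int v = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (v < 0 || symlink(victim, lnk) != 0) return -1;
    close(v);
    int via_link = open_checked(lnk);      /* symlink: must be refused */
    int link_errno = errno;
    int direct = open_checked(victim);     /* regular file: accepted */
    int ok = (via_link == -1 && link_errno == ELOOP && direct >= 0);
    if (direct >= 0) close(direct);
    unlink(lnk); unlink(victim); rmdir(dir);
    return ok;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

`O_NOFOLLOW` covers only the final path component; a privileged service that cannot trust the parent directories either has to walk them with `openat()` or drop privileges before touching the file.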

Products vulnerable to the flaws include Caldera International's Open Unix and UnixWare, Hewlett-Packard's Tru64, HP-UX 10.10, 10.20, 11.00 and 11.11, IBM AIX 4.3.3 and 5.1.0 and Sun Solaris 2.5.1, 2.6, 7, 8 and 9. Different vendors are in various stages of readying patches, so users should check with their vendor to obtain fixes.


More information about the vulnerabilities is available in CERT/CC's alert at www.cert.org/advisories/CA-2002-20.html.
