IPS Research Team Discovers Critical ToolTalk Database Server Parser Vulnerability
 |
 |
 |
 |
 |
Vulnerability
A critical heap overflow vulnerability in the function of the ToolTalk database server, rpc.ttdbserverd, within several systems was discovered by a member of the Check Point IPS Research Team. A remote attacker can leverage this vulnerability by sending a crafted database message to the target host to potentially inject and execute arbitrary code.
Affected Products
The rpc.ttdbserverd process is the RPC-based ToolTalk database server that creates and manages database files kept in TT_DB directories. Affected systems include all versions of HP HP-UX, IBM AIX, and Oracle Sun Solaris that have been released as of July 13, 2010.
Solution
Check Point recommends applying the latest vendor patches and getting immediate protection by applying the latest IPS update. The IPS Software Blade and NGX SmartDefense detect and block malformed .rec requests. For more information, see CPAI-2010-220.
Acknowledgements
The Check Point IPS Research team conducts original research on network, protocol and application vulnerabilities. The team also actively monitors and where appropriate communicates with white, black and grayhat communities to identify vulnerabilities and potential exploits before they are introduced into the wild. This research is used to develop and disseminate defenses through relevant Update Services components.
Acknowledgements go to Rodrigo Rubira Branco from the Check Point IPS Research Team for discovering and reporting this vulnerability.
Legal Notice for Threat Center Advisories