New Vulnerability Found in CDE | eWeek

New Vulnerability Found in CDE

Verfasst von
Dennis Fisher
Dennis Fisher
Oct 8, 2001
1 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

Security researchers have found a vulnerability in a popular Unix GUI program that could enable an attacker to gain root privileges on a victims computer.

The problem stems from a format string vulnerability in the Common Desktop Environment, an open-source GUI that runs on Unix and Linux operating systems.

Specifically, the ToolTalk message brokering services RPC (Remote Procedure Call) database server—a component of the CDE—mishandles a certain error condition.

As such, an attacker can craft an RPC request that can cause the specific error condition. He could then overwrite portions of the victims machines memory, enabling him to execute code with the privileges of the RPC database server, which is typically root, according to a CERT advisory on the flaw.

The vulnerability, which was discovered by Internet Security Systems Inc.s X-Force research team, affects numerous versions of Unix and Linux, including Caldera Inc.s UnixWare and Open Linux and IBMs AIX 4.3 and 5.1. For a complete list of the vulnerable Unix and Linux implementations, see the CERT advisory at www.cert.org.

Many of the affected vendors have already released patches and the others are working on them.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.