CDE Subprocess Control daemon
Created 11/13/01
CVE 2001-0803
Impact
A remote attacker could execute arbitrary code with root
privileges, thereby gaining complete control over the server.
Background
The Common Desktop Environment (CDE) is a graphical user
interface for Unix and Linux systems. The CDE Subprocess
Control daemon (dtspcd) is enabled by default
on systems where CDE is installed. dtspcd
accepts requests from clients to launch applications. It
is intended to be spawned by CDE components, and not to
be used by normal users.
The Problems
Due to a buffer overflow condition in the portion of
code which negotiates connections with clients, a remote attacker
could execute arbitrary commands with root privileges by
sending a long, specially crafted request to dtspcd.
The ability to execute arbitrary commands with root privileges
can easily be leveraged to gain complete control of the victim.
Resolution
Apply a patch for your operating system. See
CERT Advisory 2001-31
for patch information from specific vendors.
If a patch is not yet available, then disable dtspcd
as follows:
- Find the line which begins with dtspc
in /etc/inetd.conf, and insert a # at the
beginning of the line.
- Restart the inetd process using the command
kill -HUP pid, where pid
is the process ID of the inetd service.
Also, it would be advisable to block access to TCP port 6112 at the
network perimeter.
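The dtspcd workaround steps above, as an added shell example (not part of the original advisory): it comments out any active dtspc entry in an inetd.conf-style file and keeps a backup copy. The function names, the .pre-dtspc backup suffix and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Function names, the .pre-dtspc suffix and the sample
# file contents are assumptions, not taken from the advisory.

# Print active (uncommented) dtspc entries; succeeds only if one exists.
dtspc_active() {
    grep '^[[:space:]]*dtspc[[:space:]]' "$1"
}

# Comment out every active dtspc entry, keeping a backup beside the file.
# Safe to run twice: an already-disabled file is left untouched.
disable_dtspc() {
    conf=$1
    dtspc_active "$conf" >/dev/null || return 0
    cp -p "$conf" "$conf.pre-dtspc" || return 1
    tmp=$(mktemp) || return 1
    # Write back with cat so the file keeps its owner and mode.
    sed 's/^\([[:space:]]*dtspc[[:space:]]\)/#\1/' "$conf" >"$tmp" &&
        cat "$tmp" >"$conf"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample file for trying the functions without touching /etc.
make_sample() {
    cat >"$1" <<'EOF'
# constructed sample, not a real system file
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
dtspc stream tcp nowait root /usr/dt/bin/dtspcd /usr/dt/bin/dtspcd
EOF
}

# On a real host: disable_dtspc /etc/inetd.conf, then send inetd a HUP
# (kill -HUP pid) as described above, and confirm dtspc_active prints nothing.
```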
Where can I read more about this?
This vulnerability was reported in
CERT Advisory 2001-31.