Check Point Advisories

IBM AIX ToolTalk RPC Server Remote Buffer Overflow

Vulnerability
Protection

Check Point Reference:	CPAI-2009-115
Date Published:	24 Jun 2009
Severity:	High
Last Updated:	Tuesday 10 November, 2015
Source:
Protection Provided by:	Security Gateway R81, R80, R77, R75, R71, R70
Who is Vulnerable?
Vulnerability Description	ToolTalk is an inter-application communications system developed by Sun Microsystems in order to allow applications to communicate with each other at runtime. The ToolTalk service is designed to facilitate the development of inter-operating applications that serve individuals and work groups. A buffer overflow vulnerability has been discovered in IBM AIX ToolTalk RPC Server.The vulnerability is due to a stack-based buffer overflow in the function _tt_internal_realpath() that fails to properly validate user supplied data when copying it to a stack-based buffer using strcpy(). A remote attacker could trigger this issue by calling a remote procedure of ToolTalk database server with an overly large string as its argument. Successful exploitation may allow the attacker to execute arbitrary code as the root user.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75 / R71 / R70

In the IPS tab, click Protections and find the IBM AIX ToolTalk RPC Server Remote Buffer Overflow protection using the Search tool and Edit the protection's settings.
Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name: SUN-RPC Enforcement Protection.
Attack Information: IBM AIX ToolTalk RPC server remote buffer overflow