Common Desktop Environment (CDE) dtspcd Buffer Overflow
SAFEGUARDS
Workaround for ALL Affected Components:
Disable CDE dtspcd:
If you are unable to immediately apply the appropriate vendor
patch for this vulnerability, you may want to disable
the dtspcd daemon until you are able to properly secure
the vulnerable system. You may disable dtspcd in /etc/inetd.conf
by commenting out the dtspc entry.
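One way to apply the workaround above, as an added example that is not part of the original advisory. The function names, the backup suffix and the sample inetd.conf lines are constructed for illustration; on a live host, pass /etc/inetd.conf as the argument.

```shell
#!/bin/sh
# Added example: comment out the dtspc entry in an inetd.conf-style file.
# Function names, backup suffix and sample lines are constructed.

# Return 0 if the file still has an active (uncommented) dtspc entry.
dtspc_enabled() {
    grep -Eq '^[[:space:]]*dtspc[[:space:]]' "$1"
}

# Comment out every active dtspc entry, keeping a backup beside the file.
disable_dtspc() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    dtspc_enabled "$conf" || { echo "dtspc already disabled in $conf"; return 0; }
    cp -p "$conf" "$conf.pre-dtspcd" || return 1
    sed 's/^\([[:space:]]*\)\(dtspc[[:space:]]\)/\1#\2/' \
        "$conf.pre-dtspcd" > "$conf.new" || return 1
    # cat into place (not mv) so the original owner and mode are preserved
    cat "$conf.new" > "$conf" && rm -f "$conf.new"
    # inetd only re-reads its configuration after a SIGHUP; that step is
    # left out here so the example runs offline against a copy.
    ! dtspc_enabled "$conf"
}

# Constructed sample resembling an inetd.conf on a CDE host.
make_sample() {
    cat > "$1" <<'EOF'
ftp     stream tcp nowait root /usr/sbin/in.ftpd    in.ftpd
dtspc   stream tcp nowait root /usr/dt/bin/dtspcd   /usr/dt/bin/dtspcd
#telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
EOF
}

demo() {
    tmp=$(mktemp) || return 1
    make_sample "$tmp"
    disable_dtspc "$tmp"; rc=$?
    grep -n 'dtspc' "$tmp"      # show the entry after the edit
    rm -f "$tmp" "$tmp.pre-dtspcd"
    return $rc
}

demo
```

The function is idempotent: a second run finds no active entry and leaves the file and the backup untouched.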
For All Affected HP-UX Versions and Common Desktop
Environment Version 2.1
Contact Vendor for Upgrade/Patch:
The vendor has announced that a fixed version is
forthcoming.
For All Affected HP-UX Versions
HP dtspcd replacement for CDE buffer overflow:
Until official OS patches are available, HP recommends
installing a replacement version for the vulnerable
dtspcd. The temporary replacement is available for
download:
ftp site: hprc.external.hp.com (192.170.19.51).
account: dtspcd
password: dtspcd
file: dtspcd.tar.gz
or by web browser from:
ftp://dtspcd:dtspcd@hprc.external.hp.com/dtspcd/
Official HP-UX patches are being prepared. Additional
information will be posted at http://www.itresourcecenter.hp.com/
when available.
For All Affected IBM AIX Versions:
dtspcd Buffer Overflow - Execute arbitrary code - root
IBM patch:
The emergency fix ("CDE_dtspcd_efix.tar.Z")
is posted for customer download at: ftp://aix.software.ibm.com/aix/efixes/security/
For SunOS Versions
Sun Patch 105669-11
Sun Patch 105670-10
Sun Patch 106934-04
Sun Patch 106935-04
Sun Patch 108363-02
Sun Patch 108364-02
Sun Patch 108949-07
Sun announces the release of patches for Solaris(tm)
8, 7, 2.6, and 2.5.1 (SunOS(tm) 5.8, 5.7, 5.6, and
5.5.1) which relate to a buffer overflow in dtspcd.
Sun recommends that you install the patches listed
immediately on systems running the CDE Subprocess
control service, dtspcd, on SunOS 5.8, 5.7, 5.6, and
5.5.1.