GEN:SID 1:571
Message RPC EXPLOIT ttdbserv Solaris overflow
Summary This event indicates an attempt to exploit the tool talk RPC database
service
Impact Possible unauthorized administrative access to the server or application
or a denial of service to the affected application running on a Solaris
system
Detailed Information ToolTalk RPC database service (rpc.ttdbserverd) does not perform
adequate input validation or provide a format string specifier argument
when writing to syslog. This means a specifically crafted RPC request to
the ToolTalk RPC database service overwriting specific locations in
memory and therefore allowing execution of code with the same permission
level as the user running ttdbserverd, usually root.
Affected Systems Solaris 1.1 - 2.6
Possibly other vendors, if you are running Tool Talk (rpc.ttdbserverd) check with your vendor.
Attack Scenarios An attacker will send a specially crafted RPC call to the
rpc.ttdbserverd daemon running on an affected system. A sucessful
attack will then run code on the server with the access level of the
root user.
Ease of Attack Simple, Exploit code is available.
Corrective Action Updates packages and patches are available from vendors, install them or
disable the service if not needed.
Additional References  
Rule References arachnids: 242
bugtraq: 122
cve: 1999-0003
url: www.cert.org/advisories/CA-2001-27.html