topic Re: CDE rpc.cmsd server and exploitable buffer overflow in Operating System - HP-UX

CDE rpc.cmsd server and exploitable buffer overflow

Debra L. Benavidez — Thu, 19 Oct 2000 11:02:44 GMT

During a security scan of my servers the following error was reported:
"CDE rpc.cmsd server contains a remotely exploitable buffer overflow."

The description was that "a remotely exploitable buffer overflow in the CDE database manager rpc.cmsd could allow a remote attacker to gain root privileges on vulnerable machines. The Calendar Manager Service daemon is used as an appointment and resource-scheduler with clients such as Calendar Manager in Openwindows, and Calendar in CDE."

I loaded the CDE Runtime Sep2000 patch and its dependencies to try to correct the problem, but the scan is still reporting this vulnerability.

Any suggestions? TIA

Re: CDE rpc.cmsd server and exploitable buffer overflow

Andreas Voss — Thu, 19 Oct 2000 11:12:12 GMT

Hi,

csmd is started from inetd.
If you're not using the calendar comment the cmsd line in /etc/inetd.conf

Regards

Re: CDE rpc.cmsd server and exploitable buffer overflow

Alex Glennie — Thu, 19 Oct 2000 11:36:31 GMT

I'm not so sure of this approach, I had a customer only last week had this done ... amongst other things I may add, the result was all users were unable to login. In his case though users home directories were nfs mounted.

Give it a go, if you encounter problems you will know why at least. I see if I can find an official answer.

Re: CDE rpc.cmsd server and exploitable buffer overflow

Alex Glennie — Thu, 19 Oct 2000 11:41:46 GMT

Re: CDE rpc.cmsd server and exploitable buffer overflow

Debra L. Benavidez — Thu, 19 Oct 2000 17:27:42 GMT

Thank you for your responses! I commented out the cmsd entry in the /etc/inetd.conf, rebooted the servers, and ensured the users could sign on. The vulnerability scan was run and reported no errors. Thank you!!!