You are here: silicon.com > Resources > White Papers > Desktops, Laptops and OS > Desktop Client OS > Linux - Open Source

Linux - Open Source White Papers

Common Desktop Environment (CDE) dtspcd Buffer Overflow on UNIX and Linux OSs (Symantec)

Overview Risk: HIGH Description: Symantec Corporation advises its customers to be aware of a remote root-access buffer overflow vulnerability in the Common Desktop Environment's (CDE's) desktop subprocess control service(dtspc). A remote intruder can cause arbitrary code to be run with root-level privileges on the targeted system, potentially gaining root access to the system.

The CDE is an integrated graphical user interface that runs on Unix and Linux operating systems. "dtspcd" is a network daemon that accepts requests from clients to execute commands and launch applications remotely. On systems running CDE, dtspcd is spawned by the Internet services daemon (typically inetd or xinetd) in response to a CDE client request. The dtspcd is typically configured to run on port 6112/tcp with root privileges. dtspcd makes a function call to a shared library that contains a buffer overflow condition in the client connection routine. The buffer overflow can be exploited by a specially crafted CDE client request allowing a remote attacker to gain administrative privileges on the affected host.

Click thru to alert text for information on protecting against this intrusion.

Further White Paper Details
Publisher	Symantec	File Format	HTML
Date Published	January 2002	Downloads	9
Format	White Papers
Topics	Linux - Open Source, UNIX

Did you find this white paper useful? 0 out of 1 users found this white paper useful

Building a Robust Linux Kernel Piggybacking the Linux Test Project

Publisher:
IBM

Tags:
programming languages

Cleartext Passwords in Linux Memory

Publisher:
Massachusetts Institute of Technology

Tags:
linux - open source

A Taxonomy of the Linux Network Stack

Publisher:
Oracle

Tags:
tcp - ip

Red Hat Drives Desktop Cost Savings for Europcar

Publisher:
Red Hat

Tags:
desktop systems - pcs

Intel Tools for Thread-Oriented Development on Linux

Publisher:
Intel

Live Webcast: Telecoms 2.0 - Where is telecoms heading?

In this webcast, our panel of experts will review where we are with next generation telecoms in the UK, working through the concept of 'Telecoms 2.0': - Realising the potential of Next Generation Networks - why it isn't just about the technology? - What attributes should firms be looking for in their telco partner? - Is the relationship between telco provider and customer changing? - What things need to happen to make next generation services a reality? - You say you want the supplier to change. Do you want to change too? - What is Telecoms 2.0?

Publisher:
ZDNet UK

Telecom 2.0: Mind over matter

ntl:Telewest Business believes that the role of the telco is evolving. Gone are the days when it was enough to simply focus on circuits and minutes, customers now need a far higher degree of interaction and look for suppliers who will talk business solutions with them.

Publisher:
ntl:Telewest Business

IBM Information Server Change Data Capture

In today's fast-paced world, access to real-time data has never been more important. To be successful, organizations need to be able to report and analyze corporate data quickly and easily, regardless of what applications created the data, what platform they're running on, or what database they're stored in.

Publisher:
IBM

An examination of server consolidation: the trends that can drive efficiencies and help businesses gain a competitive edge

This white paper provides a starting point for organizations contemplating server consolidation. It includes an overview of server consolidation concepts and techniques and provides guidance on methodologies. It also looks at the potential cost savings associated with server consolidation and offers information on how organizations can sustain the advantage they have gained by consolidating their servers.

Publisher:
IBM

Also on silicon.com

Site Navigation:

Linux - Open Source White Papers

Common Desktop Environment (CDE) dtspcd Buffer Overflow on UNIX and Linux OSs (Symantec)

Quick Sitemap Links:

About Us

Search

Blogs

Verticals

Advertising Features

CNET Networks in Europe

CNET Networks in the United States

CNET Networks in Asia Pacific