Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 OS:LINUXX86:NTALKD-OF

Severity

 Critical

Recommended

 No

Recommended Action

 Drop

Category

 OS

Keywords

 Linux x86 ntalkd Buffer Overflow

Release Date

 2003/04/22

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

OS: Linux x86 ntalkd Buffer Overflow


This signature detects attempts to exploit a known vulnerability in the name lookup facility in the talk daemon (talkd) running on LINUX. The talkd provides conversation between users. It also notifies users that another user wishes to establish a chat session. Because talkd must perform a name lookup of the initiating host, attackers can send a phony host name to talkd to overflow the buffer and gain root access.

Extended Description

The program talk is used to provide a two-way screen-oriented conversation between users. The talkd daemon is used to notify a user that another users wishes to establish a chat session. As part of this process, talkd must perform a name lookup of the initiating host. Due to a buffer overflow condition in talkd related to the name lookup facility, an unauthorized user may be able to pass bogus hostname information to talkd and gain root access.

Affected Products

  • BSD BSD/OS 1.1.0
  • BSD BSD/OS 2.0.0
  • BSD BSD/OS 2.0.1
  • BSD BSD/OS 2.1.0
  • Debian Linux 0.93.0
  • Debian Linux 1.1.0
  • FreeBSD 1.1.5 .1
  • FreeBSD 2.0.0
  • FreeBSD 2.0.5
  • FreeBSD 2.1.0
  • FreeBSD 2.1.5
  • FreeBSD 2.1.6
  • HP HP-UX 10.0.0
  • HP HP-UX 10.1.0 0
  • HP HP-UX 10.10.0
  • HP HP-UX 10.16.0
  • HP HP-UX 10.20.0
  • HP HP-UX 10.30.0
  • HP HP-UX 10.34.0
  • HP HP-UX 10.8.0
  • HP HP-UX 10.9.0
  • HP HP-UX (VVOS) 10.24.0
  • IBM AIX 3.2.0
  • IBM AIX 4.1.0
  • IBM AIX 4.2.0
  • NEC EWS-UX/V (Rel4.2)
  • NEC EWS-UX/V (Rel4.2MP)
  • NEC UP-UX/V (Rel4.2MP)
  • NEC UX/4800 (64)
  • Red Hat Linux 2.0.0
  • Red Hat Linux 2.1.0
  • Red Hat Linux 3.0.3
  • SGI IRIX 4.0.0
  • SGI IRIX 4.0.1
  • SGI IRIX 4.0.2
  • SGI IRIX 4.0.3
  • SGI IRIX 4.0.4
  • SGI IRIX 4.0.4 B
  • SGI IRIX 4.0.4 T
  • SGI IRIX 4.0.5
  • SGI IRIX 4.0.5 A
  • SGI IRIX 4.0.5 D
  • SGI IRIX 4.0.5 E
  • SGI IRIX 4.0.5 F
  • SGI IRIX 4.0.5 G
  • SGI IRIX 4.0.5 H
  • SGI IRIX 4.0.5 (IOP)
  • SGI IRIX 4.0.5 IPR
  • SGI IRIX 5.0.0
  • SGI IRIX 5.0.1
  • SGI IRIX 5.1.0
  • SGI IRIX 5.1.1
  • SGI IRIX 5.2.0
  • SGI IRIX 5.3.0
  • SGI IRIX 5.3.0 XFS
  • SGI IRIX 6.0.0
  • SGI IRIX 6.0.1
  • SGI IRIX 6.0.1 XFS
  • SGI IRIX 6.1.0
  • SGI IRIX 6.2.0
  • SGI IRIX 6.3.0
  • SGI IRIX 6.4.0

References

  • BugTraq: 210
  • CVE: CVE-1999-0048
  • URL: http://www.ecst.csuchico.edu/~jtmurphy/exploits/talkd-exploit
  • URL: http://www.securityfocus.com/advisories/151

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out