Adriano Lima

**Name of the Vulnerable Software and Affected Versions** AIX versions 5.2.0, 5.3.0, 5.3.7 through 5.3.10, and 6.1.0 through 6.1.3 **Description** The issue is a stack-based buffer overflow in the tt internal realpath function in the ToolTalk library. This occurs when the rpc.ttdbserver daemon is enabled in /etc/inetd.conf, allowing remote attackers to execute arbitrary code via a long XDR-encoded ASCII string to remote procedure 15. **Recommendations** For AIX versions 5.2.0, 5.3.0, 5.3.7 through 5.3.10, and 6.1.0 through 6.1.3, consider disabling the rpc.ttdbserver daemon in /etc/inetd.conf as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sun Solstice AdminSuite versions on Solaris 8 and 9 **Description** The issue is related to a stack-based buffer overflow in the `adm build path` function within the sadmind component. This allows remote attackers to execute arbitrary code by sending a crafted request. **Recommendations** For Sun Solstice AdminSuite on Solaris 8 and 9, consider restricting access to the sadmind service until a patch is available. As a temporary workaround, limit the exposure of the vulnerable `adm build path` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Firebird LI versions 2.0.0.12748 through 2.0.1.12855 Firebird WI versions 2.0.0.12748 through 2.0.1.12855 Description: The issue allows remote attackers to execute arbitrary code via a long attach request on TCP port 3050 to the `isc attach database` function or a long create request on TCP port 3050 to the `isc create database` function. This is due to multiple stack-based buffer overflows. Recommendations: For Firebird LI versions 2.0.0.12748 through 2.0.1.12855, consider restricting access to TCP port 3050 until a patch is available. For Firebird WI versions 2.0.0.12748 through 2.0.1.12855, consider restricting access to TCP port 3050 until a patch is available. As a temporary workaround, consider disabling the `isc attach database` and `isc create database` functions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** X Window System X11R6.4 and earlier **Description** A buffer overflow issue exists in the Strcmp function within the XKEYBOARD extension. This allows local users to potentially gain privileges by exploiting a long ` XKB CHARSET` environment variable value. **Recommendations** For X Window System X11R6.4 and earlier, consider restricting access to the XKEYBOARD extension as a temporary workaround until a patch is available.