dtspcd_version
DTSPCD Version
Summary
CDE is a Motif-based graphical user environment for Unix systems. It is shipped with a number of commercial Unix operating systems.
The dtspcd daemon is vulnerable to a buffer overflow that could provide remote
root access (reported in November 2001).
The problem
(From SecurityFocus BID 3517) A buffer overflow vulnerability in one of the CDE components may allow a remote attacker to gain administrative privileges on the affected host. The overflow is believed to be in the libDtSvc library, used by the 'Subprocess Control Service'. The overflow is exploitable through the 'dtspcd' service. 'dtspcd' is a server program that listens on TCP port 6112.
Fix
Reference