The SGI Tooltalk is a remote procedure call (RPC) system used for inter-process communication. It allows multiple processes to communicate with each other over a network. This vulnerability allows an attacker to execute arbitrary commands as the root user by exploiting a buffer overflow in the Tooltalk database server.
You're affected if you use Execute commands as root via buffer overflow. Specific version info not stated in the advisory. If you don't recognise this software, you're probably not affected.
To fix this vulnerability, you can apply the patches from the SGI advisory:
- ftp://patches.sgi.com/support/free/security/advisories/19981101-01-A
- ftp://patches.sgi.com/support/free/security/advisories/19981101-01-PX
Immediate mitigations include disabling the rpc.ttdbserverd service and restricting network access to it.