Sun announces the release of patches for Solaris 8, 7, 2.6, 2.5.1, and 2.5 (SunOS) 5.8, 5.7, 5.6, 5.5.1, and 5.5) which relate to a format string vulnerability in rpc.ttdbserverd.
Sun recommends that users install the patches (http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-license&nav=pub-patches) immediately on systems running the CDE ToolTalk database server, rpc.ttdbserverd, on SunOS 5.8, 5.7, 5.6, 5.5.1 and 5.5.