[prev in list] [next in list] [prev in thread] [next in thread]
List: isn
Subject: [ISN] Solaris hole gives hackers free rein
From: InfoSec News <isn () c4i ! org>
Date: 2001-06-25 9:24:14
[Download RAW message or body]
http://www.zdnet.com.au/news/breakingnews/story/0,2000020826,20233977,00.htm
By Matthew Broersma, ZDNet News
22 June 2001
Researchers have discovered a bug that could give hackers unlimited
access to any machine running Sun's Unix operating system, Solaris.
The bug, discovered by security consultancy ISS X-Force, affects a
utility designed to give remote users access to a local printer. The
line printer daemon (in.lpd), as it is called, contains a flaw in the
"transfer job" routine that could allow hackers to overflow an
unchecked buffer, a common means of gaining unauthorised access to a
computer.
Hackers could exploit the flaw to crash the printer daemon or execute
malicious code with system administrator privileges, according to
X-Force. The printer software is installed by default on all Solaris
systems.
Sun says it is working on a fix, which will be available next month,
and X-Force recommends the software be turned off until the patch is
available.
Solaris runs on Sun Microsystems and Intel hardware, and is the
dominant operating system for high-end Internet servers.
ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribe@SecurityFocus.com.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic