[ISN] Bulgarian Bugmeister Turns His Gaze To Sun

From: InfoSec News (isnat_private)
Date: Fri Jun 08 2001 - 00:54:19 PDT

  • Next message: InfoSec News: "[ISN] Court ruling critical to hacker charges"

    By Brian McWilliams, Special to Newsbytes
    06 Jun 2001, 11:49 AM CST
    Microsoft [NASDAQ:MSFT] Windows-based e-mail programs may be a
    favorite target of hackers and virus writers. But users of Unix mail
    systems are not immune to attack, according to an advisory published
    Monday by Bulgarian security consultant Georgi Guninski.
    Guninski, who has gained renown for his discovery of serious
    Windows-based security holes in Microsoft's Outlook and Netscape's
    Communicator mail programs, has identified a buffer overflow
    vulnerability that can be exploited using the mail console on Sun
    Microsystems's Solaris version 8 for Intel platforms.
    While the bug enables attackers to run their own code on Solaris 8
    systems, Guninski and other security experts classify it as a "medium"
    security risk. Unlike exploits crafted for Outlook and Communicator,
    which can be triggered by sending infected email to a remote user, the
    Solaris Mail vulnerability cannot be remotely exploited and requires
    that an attacker have command-line access and locally run exploit
    The bug discovered by Guninski lies in Solaris Mail's use of the
    "$HOME" environment variable, an operating system function which sets
    a users' home directory location at log-in. By overflowing a buffer in
    $HOME with a large amount of data, an attacker can cause the mail
    program to execute code of the attacker's choice.
    Because the Solaris Mail program runs with the set group ID privilege,
    the code would run with slightly higher privileges than the user's,
    but not with root authority.
    "There's not the same level of potential here as with the Outlook
    vulnerabilities," said Rik Farrow, an independent consultant who
    specializes in Unix security and intrusion detection.
    A spokesperson for Sun Microsystems said the company is studying the
    Guninski advisory and would be quick to issue a patch if it determined
    the issue was serious.
    While Guninski has identified dozens of Windows-based security flaws
    in recent years, he may not find Unix is such fertile ground for
    security bug discoveries, according to Farrow.
    "I can't imagine he will find Unix anywhere near as interesting as
    Outlook. There, you have the ability to attack and take control of a
    machine just by sending an email," said Farrow.
    Guninski's advisory is available here:
    ISN is hosted by SecurityFocus.com
    To unsubscribe email isn-unsubscribeat_private

    This archive was generated by hypermail 2b30 : Fri Jun 08 2001 - 02:56:41 PDT