http://www.newsbytes.com/news/01/166523.html

By Brian McWilliams, Special to Newsbytes
SOFIA, BULGARIA, U.S.A., 06 Jun 2001, 11:49 AM CST

Microsoft [NASDAQ:MSFT] Windows-based e-mail programs may be a favorite target of hackers and virus writers. But users of Unix mail systems are not immune to attack, according to an advisory published Monday by Bulgarian security consultant Georgi Guninski.

Guninski, who has gained renown for his discovery of serious Windows-based security holes in Microsoft's Outlook and Netscape's Communicator mail programs, has identified a buffer overflow vulnerability that can be exploited using the mail console on Sun Microsystems's Solaris version 8 for Intel platforms.

While the bug enables attackers to run their own code on Solaris 8 systems, Guninski and other security experts classify it as a "medium" security risk. Unlike exploits crafted for Outlook and Communicator, which can be triggered by sending infected email to a remote user, the Solaris Mail vulnerability cannot be remotely exploited and requires that an attacker have command-line access and locally run exploit code.

The bug discovered by Guninski lies in Solaris Mail's use of the "$HOME" environment variable, an operating system function which sets a user's home directory location at log-in. By overflowing a buffer in $HOME with a large amount of data, an attacker can cause the mail program to execute code of the attacker's choice.

Because the Solaris Mail program runs with the set group ID privilege, the code would run with slightly higher privileges than the user's, but not with root authority.

"There's not the same level of potential here as with the Outlook vulnerabilities," said Rik Farrow, an independent consultant who specializes in Unix security and intrusion detection.

A spokesperson for Sun Microsystems said the company is studying the Guninski advisory and would be quick to issue a patch if it determined the issue was serious.

While Guninski has identified dozens of Windows-based security flaws in recent years, he may not find Unix is such fertile ground for security bug discoveries, according to Farrow.

"I can't imagine he will find Unix anywhere near as interesting as Outlook. There, you have the ability to attack and take control of a machine just by sending an email," said Farrow.

Guninski's advisory is available here: http://www.guninski.com/sunhome.html
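
The class of bug described above, an environment variable copied into a fixed-size buffer by a set-group-ID program, is shown below as an added example beside a bounds-checked form. It is not code from the article, the advisory or Solaris; the function names, the 256-byte buffer and the ".mailrc" suffix are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define RC_PATH_MAX 256   /* assumed buffer size, for illustration only */

/* Unsafe pattern (assumed, shown for contrast; never called here):
 * $HOME is copied with no bound, so an oversized value overruns `out`. */
void rc_path_unsafe(char *out)
{
    const char *home = getenv("HOME");
    strcpy(out, home ? home : "");
    strcat(out, "/.mailrc");
}

/* Hardened form: `home` is untrusted. Returns 0 on success, -1 if it is
 * missing, not an absolute path, or the result would not fit in `out`. */
int rc_path_checked(const char *home, char *out, size_t outlen)
{
    int n;

    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    if (home == NULL || home[0] != '/')
        return -1;
    n = snprintf(out, outlen, "%s/.mailrc", home);
    if (n < 0 || (size_t)n >= outlen) {   /* would truncate: reject */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[RC_PATH_MAX];
    char big[4096];                       /* constructed oversized value */

    memset(big, 'A', sizeof big - 1);
    big[0] = '/';
    big[sizeof big - 1] = '\0';
    printf("oversized value -> %d\n", rc_path_checked(big, path, sizeof path));
    printf("process $HOME   -> %d\n",
           rc_path_checked(getenv("HOME"), path, sizeof path));
    return 0;
}
```

Rejecting an oversized value outright, rather than silently truncating it, keeps a privileged program from acting on a path the user did not actually supply.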