[ISN] Solaris hole gives hackers free rein

From: InfoSec News (isnat_private)
Date: Mon Jun 25 2001 - 02:24:14 PDT

  • Next message: InfoSec News: "[ISN] Final Reminder / Update: Black Hat Briefings July 11-12th"

    http://www.zdnet.com.au/news/breakingnews/story/0,2000020826,20233977,00.htm
    
    By Matthew Broersma, ZDNet News
    22 June 2001
    
    Researchers have discovered a bug that could give hackers unlimited
    access to any machine running Sun's Unix operating system, Solaris.  
    The bug, discovered by security consultancy ISS X-Force, affects a
    utility designed to give remote users access to a local printer. The
    line printer daemon (in.lpd), as it is called, contains a flaw in the
    "transfer job" routine that could allow hackers to overflow an
    unchecked buffer, a common means of gaining unauthorised access to a
    computer.
     
    Hackers could exploit the flaw to crash the printer daemon or execute
    malicious code with system administrator privileges, according to
    X-Force. The printer software is installed by default on all Solaris
    systems.
    
    Sun says it is working on a fix, which will be available next month,
    and X-Force recommends the software be turned off until the patch is
    available.
    
    Solaris runs on Sun Microsystems and Intel hardware, and is the
    dominant operating system for high-end Internet servers.
    
    
     
    
    
    
    ISN is hosted by SecurityFocus.com
    ---
    To unsubscribe email isn-unsubscribeat_private
    



    This archive was generated by hypermail 2b30 : Mon Jun 25 2001 - 03:38:31 PDT