[ISN] Security hole leaves some Unix servers wide open

From: InfoSec News (isnat_private)
Date: Sun Dec 16 2001 - 23:27:25 PST

    http://www.nandotimes.com/technology/story/194719p-1890210c.html
    
    By MATTHEW FORDAHL, Associated Press 
    
    SAN JOSE, Calif. (December 14, 2001 6:34 p.m. EST) - A recently
    uncovered security hole could give Internet hackers full access to
    Unix servers from IBM Corp. and Sun Microsystems Inc., experts said.
    
    Though no major breaches have been reported so far, the flaw could be
    used in worms that automatically seek out and infect vulnerable
    systems, said Dan Ingevaldson of Internet Security Systems.
    
    "The worst-case scenario would be some kind of worm that had advanced
    scanning logic like Nimda and Code Red," he said, referring to
    damaging worms that affected Microsoft-based computers earlier this
    year.
    
    ISS discovered the vulnerability in October, but didn't publicize it
    until after vendors were notified and could develop fixes.
    
    The problem stems from a flaw in the operating system's login program,
    which grants access by usernames and passwords.
    
    Because the program is used by remote-access software, the flaw can be
    exploited by people who do not have direct access to the system,
    according to an alert by the Computer Emergency Response Team.
    
    In some cases, the highest level of access could be granted.
    
    Patches are now available to fix machines that are running Sun Solaris
    and IBM AIX operating systems, Ingevaldson said.
    
    Other major Unix-based operating systems - including Mac OS X,
    Hewlett-Packard's HP-UX and Compaq's Tru64 - are not affected, CERT
    said.
    
    High-end Unix servers are used to run the largest Web sites as well as
    databases in business, government and academic environments.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Dec 17 2001 - 13:09:31 PST