13 Dec 2001
Security authorities have issued a warning about a "serious vulnerability" in the login system used by Sun Solaris.
Versions of Solaris 8 and earlier are vulnerable to an exploit that could allow remote attackers to execute arbitrary commands on a system with super-user privileges.
Systems are vulnerable only if interactive connection services such as Telnet or Rlogin are allowed, and these are enabled by default. Security firm ISS X-Force warned that an exploit is already in circulation on the underground.
According to research, the login system contains a static buffer overflow vulnerability: it incorrectly handles long environment variables passed to it by the connection program, such as Telnet.
At present, Sun has not released a fix. The advisory has gone out early because the exploit is already in the public arena.
ISS X-Force suggests disabling terminal connection services and installing Secure Shell as a workaround until the patch comes out.
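As an added illustration of the workaround above (not part of the original article or the ISS X-Force advisory), this shell function reports whether the Telnet or Rlogin services are still enabled in an inetd.conf-format file. The path /etc/inet/inetd.conf and the sample entries are assumptions, and the sample is constructed.

```shell
#!/bin/sh
# Added example: audit an inetd.conf-format file for enabled telnet/rlogin.
# Field layout assumed: service type protocol wait user server-program args...

audit_inetd() {
    # $1 = path to the file to audit (assumed /etc/inet/inetd.conf on Solaris 8)
    # Prints "service server-program" for each enabled entry.
    # Exit status: 0 = neither service enabled, 1 = at least one enabled.
    awk '
        /^[ \t]*#/ || NF < 6 { next }        # commented out (disabled) or malformed
        $1 == "telnet" || $1 == "login" {    # "login" is the rlogin service name
            print $1, $6
            found = 1
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample: telnet already commented out, rlogin still enabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# telnet stream  tcp6    nowait  root    /usr/sbin/in.telnetd    in.telnetd
login   stream  tcp6    nowait  root    /usr/sbin/in.rlogind    in.rlogind
ftp     stream  tcp6    nowait  root    /usr/sbin/in.ftpd       in.ftpd
EOF

if audit_inetd "$sample"; then
    echo "telnet and rlogin are disabled"
else
    echo "interactive login services above are still enabled"
fi
rm -f "$sample"
```

After commenting out an entry, inetd has to re-read its configuration before the change takes effect.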
A Computer Emergency Response Team advisory is available here, and the Sun patches will be downloadable from here.