03 May 2002
Sun is working to develop a patch for its Solaris operating system after a CERT warning that hackers could exploit a potential security gap in the Unix operating system.
A format-string vulnerability in remote wall requests could allow a hacker to execute arbitrary code in Solaris, according to CERT (computer emergency response team).
The flaw is found in Sun Solaris versions 2.5.1, 2.6, 7 and 8. The research group also pointed out that other flavours of Unix, including those from IBM and Hewlett Packard, are not vulnerable to the same fault.
The Sun security flaw comes from the rwall daemon, also known as the rpc.rwalld utility, CERT said in an advisory notice.
This rwall daemon listens for wall requests, which are used to send messages to terminals using a time-sharing system.
CERT warned that the utility contains a format string vulnerability that could permit a hacker to get into the system by executing code with the privileges of the rwall daemon, usually root.
Sun would not say how long it expected the patch to take to develop, but in the meantime CERT recommended that users disable rpc.rwalld in 'inetd.conf' as a temporary security solution.
Sun also said it would release its own security bulletin once it has a patch available.
According to CERT, by exhausting system resources, a hacker can cause the rwall daemon to generate the error message in which the vulnerability lies.
Although a hacker may potentially be able to consume system resources and prevent rwall from executing locally or remotely in order to exploit the hole, CERT said it would be difficult for remote users to control the system through this particular flaw.
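The temporary workaround CERT recommends above, disabling rpc.rwalld in inetd.conf, can be checked with a short script. This is an added example, not part of the original article or of any Sun or CERT material; the function names and the sample inetd.conf lines (including the daemon paths) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an inetd.conf-style file for an enabled rpc.rwalld entry.

# Print each active (uncommented) line that launches rpc.rwalld.
rwalld_active_entries() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
         { for (i = 1; i <= NF; i++) {
               n = split($i, p, "/")         # compare basename of each field
               if (p[n] == "rpc.rwalld") { print; next }
           } }' "$1"
}

# Succeed (exit 0) only when no active rpc.rwalld entry remains.
rwalld_is_disabled() {
    [ -z "$(rwalld_active_entries "$1")" ]
}

# Emit a copy of the file with rpc.rwalld entries commented out (no in-place edit).
rwalld_disable() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { print; next }
         { hit = 0
           for (i = 1; i <= NF; i++) {
               n = split($i, p, "/")
               if (p[n] == "rpc.rwalld") hit = 1
           }
           prefix = hit ? "#" : ""
           print prefix $0 }' "$1"
}

# Constructed sample configuration (paths are assumptions, not from the article).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed inetd.conf sample
walld/1 tli rpc/datagram_v wait root /usr/lib/netsvc/rwall/rpc.rwalld rpc.rwalld
rusersd/2-3 tli rpc/datagram_v wait root /usr/lib/netsvc/rusers/rpc.rusersd rpc.rusersd
#sprayd/1 tli rpc/datagram_v wait root /usr/lib/netsvc/spray/rpc.sprayd rpc.sprayd
EOF

if rwalld_is_disabled "$sample"; then echo "before: rpc.rwalld disabled"
else echo "before: rpc.rwalld ENABLED"; rwalld_active_entries "$sample"; fi
rwalld_disable "$sample" > "$sample.new"
if rwalld_is_disabled "$sample.new"; then echo "after: rpc.rwalld disabled"; fi
rm -f "$sample" "$sample.new"
```

inetd only picks up the edited file after it re-reads its configuration, so confirm the running service as well as the file contents.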