Sun Microsystems' Solaris operating system has come a cropper for the second time in a week after the Computer Emergency Response Team (Cert) published another security advisory on Monday.
Coincidentally, the new found vulnerability affects exactly the same version of the operating system as the flaw found in the Solaris rwall daemon last week - 2.5.1, 2.6, 7, and 8 on both Sparc and Intel architectures.
This time, the default installation of the cachefsd daemon is at fault. Cachefsd caches requests for operations on remote file systems using the Network File System protocol.
If an attacker sends a maliciously crafted request to the cachefsd daemon, it becomes possible to remotely execute code with the privileges of the cachefsd process, typically root.
It should also be noted that, according to a Sun Alert Notification, failed attempts to exploit this vulnerability may leave a core dump file in the root directory.
But the presence of the core file does not preclude the success of subsequent attacks.
Cert warned that it has received credible reports of scanning and exploitation of Solaris systems running cachefsd.
It is recommended that users running vulnerable systems download a patch from the Sun website. More information can be found here.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago