The Computer Emergency Response Team (Cert) has issued an alert warning administrators that a Solaris security flaw identified in November is being exploited.
Working in conjunction with the Honeynet Project, Cert said that it had recently received "credible reports of an exploit for Solaris systems" and that a vulnerability identified in Cert Advisory 31 "is being actively exploited".
The vulnerability lies in the Common Desktop Environment (CDE) graphical user interface for *nix systems. There is a remotely exploitable buffer overflow flaw in the CDE Subprocess Control Service, known as 'dtspcd', which accepts requests from clients to execute commands and launch applications remotely.
As a result, "a malicious client can manipulate data sent to dtspcd and cause a buffer overflow, potentially executing code with root privileges", Cert has warned.
Recent network traces provided by Honeynet found that one of its servers had been compromised by such an exploit. It is thought that this may be the first reported incident of this vulnerability being exploited in the wild.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago