A bug has been discovered in the Solaris operating system that may allow a remote attacker to execute malicious code at super-user level.
The remote buffer overflow vulnerability was discovered in the Solaris Print Protocol daemon and may allow a remote or local attacker to crash the daemon or execute arbitrary code with super-user privilege. The daemon runs with root privileges by default on all current versions of Solaris.
Security firm ISS X-Force released an advisory describing the threat. "Solaris installs the in.lpd line printer software by default," it said. "This vulnerability may allow a remote attacker to execute arbitrary commands without restriction. No local access to the target system is required to exploit this vulnerability."
The print protocol daemon provides an interface for remote users to interact with a local printer, listening for requests on port 515. A flaw in the 'transfer job' routine would allow for the execution of malicious code.
Sun Microsystems is working on a patch for the problem and said it will be available in July. In the meantime, users can disable the in.lpd line printer software. The X-Force advisory is available here.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago