A bug has been discovered in the Solaris operating system that may allow a remote attacker to execute malicious code at super-user level.
The remote buffer overflow vulnerability was discovered in the Solaris Print Protocol daemon and may allow a remote or local attacker to crash the daemon or execute arbitrary code with super-user privilege. The daemon runs with root privileges by default on all current versions of Solaris.
Security firm ISS X-Force released an advisory describing the threat. "Solaris installs the in.lpd line printer software by default," it said. "This vulnerability may allow a remote attacker to execute arbitrary commands without restriction. No local access to the target system is required to exploit this vulnerability."
The print protocol daemon provides an interface for remote users to interact with a local printer, listening for requests on port 515. A flaw in the 'transfer job' routine would allow for the execution of malicious code.
Sun Microsystems is working on a patch for the problem and said it will be available in July. In the meantime, users can disable the in.lpd line printer software. The X-Force advisory is available here.
Found by calculating the strength of the material deep inside the crust of neutron stars
Can highlight in real-time the relevant regions of an image being described
Double legal trouble for Musk as he also faces civil lawsuit over renewed British pot-holer 'paedo' claims
Battery development could help boost performance of smartphones