A bug has been discovered in the Solaris operating system that may allow a remote attacker to execute malicious code at super-user level.
The remote buffer overflow vulnerability was discovered in the Solaris Print Protocol daemon and may allow a remote or local attacker to crash the daemon or execute arbitrary code with super-user privilege. The daemon runs with root privileges by default on all current versions of Solaris.
Security firm ISS X-Force released an advisory describing the threat. "Solaris installs the in.lpd line printer software by default," it said. "This vulnerability may allow a remote attacker to execute arbitrary commands without restriction. No local access to the target system is required to exploit this vulnerability."
The print protocol daemon provides an interface for remote users to interact with a local printer, listening for requests on port 515. A flaw in the 'transfer job' routine would allow for the execution of malicious code.
Sun Microsystems is working on a patch for the problem and said it will be available in July. In the meantime, users can disable the in.lpd line printer software. The X-Force advisory is available here.
BT wants to make the public switched telephone network history within eight years
Personal data being purloined by third parties via Facebook Login API
MacOS and iOS are better off apart, says CEO Tim Cook
Or they'll no longer be entitled to updates and bug patches