Sun is working to develop a patch for its Solaris operating system after a CERT warning that hackers could exploit a potential security gap in the Unix operating system.
A format-string vulnerability in remote wall requests could allow a hacker to execute arbitrary code in Solaris, according to CERT (computer emergency response team).
The flaw is found in Sun Solaris Versions 2.5.1, 2.6, 7 and 8. The research group also pointed out that other flavours of Unix including IBM and Hewlett Packard are not vulnerable to the same fault.
The Sun security flaw comes from the rwall daemon or rpc.rwalld utility, CERT said in an advisory notice.
This rwall daemon listens for wall requests, which are used to send messages to terminals using a time-sharing system.
CERT warned that the utility contains a format string vulnerability that could permit a hacker to get into the system by executing code with the privileges of the rwall daemon, usually the root.
Sun would not say how long it expected the patch to take to develop but in the meantime, CERT recommended that users disable rpc.rwalld in 'inetd.conf' as a temporary security solution.
Sun also said it would release its own security bulletin once it has a patch available.
According to CERT, by exhausting system resources, a hacker can cause the rwall daemon to generate an error message where the vulnerability lies.
Although a hacker may potentially be able to consume system resources and prevent rwall from executing locally or remotely in order to exploit the hole, CERT said it would be difficult for remote users to control the system through this particular flaw.
Could be used for everything from search-and-rescue robots to wearable tech
Don't require the rare material being mined from the mountains of South America
IBM hopes that its new tool will avoid bias in artificial intelligence
Found by calculating the strength of the material deep inside the crust of neutron stars