Security hole leaves some Unix servers wide open

[InfoSec News <isn () c4i org>]

http://www.nandotimes.com/technology/story/194719p-1890210c.html

By MATTHEW FORDAHL, Associated Press 

SAN JOSE, Calif. (December 14, 2001 6:34 p.m. EST) - A recently
uncovered security hole could give Internet hackers full access to
Unix servers from IBM Corp. and Sun Microsystems Inc., experts said.

Though no major breaches have been reported so far, the flaw could be
used in worms that automatically seek out and infect vulnerable
systems, said Dan Ingevaldson of Internet Security Systems.

"The worst-case scenario would be some kind of worm that had advanced
scanning logic like Nimda and Code Red," he said, referring to
damaging worms that affected Microsoft-based computers earlier this
year.

ISS discovered the vulnerability in October, but didn't publicize it
until after vendors were notified and could develop fixes.

The problem stems from a flaw in the operating system's login program,
which grants access by usernames and passwords.

Because the program is used by remote-access software, the flaw can be
exploited by people who do not have direct access to the system,
according to an alert by the Computer Emergency Response Team.

In some cases, the highest level of access could be granted.

Patches are now available to fix machines that are running Sun Solaris
and IBM AIX operating systems, Ingevaldson said.

Other major Unix-based operating systems - including Mac OS X,
Hewlett-Packard's HP-UX and Compaq's Tru64 - are not affected, CERT
said.

High-end Unix servers are used to run the largest Web sites as well as
databases in business, government and academic environments.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.