Information Security News mailing list archives
Solaris hole gives hackers free rein
From: InfoSec News <isn () c4i org>
Date: Mon, 25 Jun 2001 04:24:14 -0500 (CDT)
http://www.zdnet.com.au/news/breakingnews/story/0,2000020826,20233977,00.htm By Matthew Broersma, ZDNet News 22 June 2001 Researchers have discovered a bug that could give hackers unlimited access to any machine running Sun's Unix operating system, Solaris. The bug, discovered by security consultancy ISS X-Force, affects a utility designed to give remote users access to a local printer. The line printer daemon (in.lpd), as it is called, contains a flaw in the "transfer job" routine that could allow hackers to overflow an unchecked buffer, a common means of gaining unauthorised access to a computer. Hackers could exploit the flaw to crash the printer daemon or execute malicious code with system administrator privileges, according to X-Force. The printer software is installed by default on all Solaris systems. Sun says it is working on a fix, which will be available next month, and X-Force recommends the software be turned off until the patch is available. Solaris runs on Sun Microsystems and Intel hardware, and is the dominant operating system for high-end Internet servers. ISN is hosted by SecurityFocus.com --- To unsubscribe email isn-unsubscribe () SecurityFocus com.
Current thread:
- Solaris hole gives hackers free rein InfoSec News (Jun 25)