Information Security News mailing list archives

Bulgarian Bugmeister Turns His Gaze To Sun


From: InfoSec News <isn () c4i org>
Date: Fri, 8 Jun 2001 02:54:19 -0500 (CDT)

http://www.newsbytes.com/news/01/166523.html

By Brian McWilliams, Special to Newsbytes
SOFIA, BULGARIA, U.S.A.,
06 Jun 2001, 11:49 AM CST
 
Microsoft [NASDAQ:MSFT] Windows-based e-mail programs may be a
favorite target of hackers and virus writers. But users of Unix mail
systems are not immune to attack, according to an advisory published
Monday by Bulgarian security consultant Georgi Guninski.
 
Guninski, who has gained renown for his discovery of serious
Windows-based security holes in Microsoft's Outlook and Netscape's
Communicator mail programs, has identified a buffer overflow
vulnerability that can be exploited using the mail console on Sun
Microsystems's Solaris version 8 for Intel platforms.

While the bug enables attackers to run their own code on Solaris 8
systems, Guninski and other security experts classify it as a "medium"
security risk. Unlike exploits crafted for Outlook and Communicator,
which can be triggered by sending infected email to a remote user, the
Solaris Mail vulnerability cannot be remotely exploited and requires
that an attacker have command-line access and locally run exploit
code.

The bug discovered by Guninski lies in Solaris Mail's use of the
"$HOME" environment variable, an operating system setting that holds
a user's home directory location and is set at log-in. By overflowing
a buffer with a large amount of data supplied in $HOME, an attacker
can cause the mail program to execute code of the attacker's choice.

Because the Solaris Mail program runs with the set group ID privilege,
the code would run with slightly higher privileges than the user's,
but not with root authority.

"There's not the same level of potential here as with the Outlook
vulnerabilities," said Rik Farrow, an independent consultant who
specializes in Unix security and intrusion detection.

A spokesperson for Sun Microsystems said the company is studying the
Guninski advisory and would be quick to issue a patch if it determined
the issue was serious.

While Guninski has identified dozens of Windows-based security flaws
in recent years, he may not find Unix is such fertile ground for
security bug discoveries, according to Farrow.

"I can't imagine he will find Unix anywhere near as interesting as
Outlook. There, you have the ability to attack and take control of a
machine just by sending an email," said Farrow.

Guninski's advisory is available here:
http://www.guninski.com/sunhome.html




ISN is hosted by SecurityFocus.com
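The class of bug the article describes (an unbounded copy of $HOME inside a set-group-ID program), shown beside a bounded version. This is an added illustration, not Sun's code and not taken from Guninski's advisory; the buffer size, the `.mailrc` file name and both function names are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH_BUF 256            /* assumed fixed buffer size */
#define RC_NAME  "/.mailrc"     /* assumed file looked up under $HOME */

/* Unsafe pattern: $HOME is controlled by the invoking user, the program
 * runs with an extra group ID, and nothing bounds the length copied. */
void rc_path_unsafe(const char *home, char out[PATH_BUF])
{
    strcpy(out, home);          /* overflows when strlen(home) >= PATH_BUF */
    strcat(out, RC_NAME);
}

/* Hardened form: reject missing, relative or oversized values and let
 * snprintf enforce the bound. Returns 0 on success, -1 on rejection. */
int rc_path_checked(const char *home, char *out, size_t outlen)
{
    int n;

    if (home == NULL || home[0] != '/')
        return -1;
    n = snprintf(out, outlen, "%s%s", home, RC_NAME);
    if (n < 0 || (size_t)n >= outlen)
        return -1;              /* result would be truncated: refuse */
    return 0;
}

int main(void)
{
    char path[PATH_BUF];
    char big[4 * PATH_BUF];     /* constructed oversized $HOME value */

    memset(big, 'A', sizeof big - 1);
    big[0] = '/';
    big[sizeof big - 1] = '\0';

    /* The unsafe function is deliberately never called here. */
    printf("oversized: %d\n", rc_path_checked(big, path, sizeof path));
    printf("env $HOME: %d\n",
           rc_path_checked(getenv("HOME"), path, sizeof path));
    return 0;
}
```

A privileged program should treat every environment variable this way, since the caller sets them before the set-group-ID privilege takes effect.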

