Solaris bug gives hackers free rein
Published: 21 Jun 2001 14:14 BST
Researchers have discovered a bug that could give hackers unlimited access to any machine running Sun's Unix operating system, Solaris.
The bug, discovered by security consultancy ISS X-Force, affects a utility designed to give remote users access to a local printer. The line printer daemon (in.lpd), as it is called, contains a flaw in the "transfer job" routine that could allow hackers to overflow an unchecked buffer, a common means of gaining unauthorised access to a computer.
Hackers could exploit the flaw to crash the printer daemon or execute malicious code with system administrator privileges, according to X-Force. The printer software is installed by default on all Solaris systems.
Sun says it is working on a fix, which will be available next month, and X-Force recommends the software be turned off until the patch is available.
Solaris runs on Sun Microsystems and Intel hardware, and is the dominant operating system for high-end Internet servers.
Is your PC safe? Find out in ZDNet UK's Viruses and Hacking News Section.
Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.
Let the editors know what you think in the Mailroom. And read other letters.
Did you find this article useful?
39 out of 89 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
