Solaris hole opening way for hackers
Published: 16 Jan 2002 13:45 GMT
Online hackers are using a two-month-old security hole in Sun Microsystems' Solaris operating system to break into servers on the Internet, a security expert said on Tuesday.
Researchers witnessed the attack when one intruder broke into a Solaris server under intense observation as part of the Honeynet Project, an initiative to develop ways to turn spare computers into digital fly traps to study and document actual Internet attacks.
"One of our honey pots got whacked with it," said Lance Spitzner, project manager for the Honeynet Project. "As far as we know, it was the first time we saw (this flaw) used in the wild."
The flaw, commonly referred to as a "buffer overflow," allows a specially crafted packet of Internet data to cause a computer to give an online vandal full access to its capabilities. In this particular instance, a component of Solaris used to remotely run applications contained a buffer overflow, and an attacker found the weakness, Spitzner said.
"The bad guy accessed our system, downloaded a back door, and made it so he could log in anytime he wanted," he said. "Then, he logged in a couple days later and loaded a denial-of-service tool to attack several online chat servers."
Denial-of-service, or DoS, attacks attempt to overload or crash a computer, thus making it inaccessible.
The Computer Emergency Response Team, or CERT, Coordination Center, an online security watchdog, first reported the vulnerability last November.
On Monday, the group posted an advisory about the use of the flaw, adding that administrators should install the patch from Sun, limit access to the vulnerable service, or disable the service.
Solaris is Sun's proprietary variant of the Unix operating system. Last October, the FBI published a list of flaws that affected major operating systems, including Solaris.
For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Viruses and Hacking News Section.
Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.
Let the editors know what you think in the Mailroom. And read other letters.
Did you find this article useful?
37 out of 66 people found this useful
- Share this article:
