CERT warns on Sun server flaw
Published: 13 Dec 2002 10:50 GMT
Users of Sun's RaQ 4 Server appliance have been warned in the latest CERT advisory of a serious vulnerability affecting the units.
"A remotely exploitable vulnerability has been discovered in Sun Cobalt RaQ 4 Server Appliances... may allow remote attackers to execute arbitrary code with superuser privileges," the CERT advisory said.
Ironically the vulnerability only affects Raq 4 units with Sun's Security Hardening Patch (SHP) installed on them.
Perhaps of most concern is the fact that a technique for exploiting this vulnerability has already been developed, and the relevant code has been made available to the public. It's been available from the SecuriTeam Web site since Saturday.
"An exploit is publicly available and may be circulating," the advisory said.
The CERT Advisory contains a link to Sun's instructions on how to remove the SHP; however, the link retrieves an "error opening document" message. The link to the "SHP Removal patch" is working.
CERT had made their "vulnerability notes" about the RaQ 4 unit public as far back as the 5th of December, however the full-blown advisory was not published until yesterday.
Have your say instantly, and see what others have said. Go to the Security forum.
Let the editors know what you think in the Mailroom.
Did you find this article useful?
34 out of 74 people found this useful
- Share this article:
