This story was printed from ZDNet Australia.
Sun server appliance open to attack: CERT

By Patrick Gray
December 13, 2002
URL: http://www.zdnet.com.au/news/security/soa/Sun-server-appliance-open-to-attack-CERT/0,130061744,120270646,00.htm


Users of Sun's RaQ 4 Server appliance have been warned in the latest CERT advisory of a serious vulnerability affecting the units.

"A remotely exploitable vulnerability has been discovered in Sun Cobalt RaQ 4 Server Appliances... may allow remote attackers to execute arbitrary code with superuser privileges," the CERT advisory said.

Ironically, the vulnerability only affects RaQ 4 units with Sun's Security Hardening Patch (SHP) installed on them.

Perhaps of most concern is the fact that a technique for exploiting this vulnerability has already been developed, and the relevant code has been made available to the public. It's been available from the SecuriTeam website since Saturday.

"An exploit is publicly available and may be circulating," the advisory said.

The CERT advisory contains a link to Sun's instructions on how to remove the SHP; however, the link retrieves an "error opening document" message. The link to the "SHP Removal patch" is working.

CERT had made its "vulnerability notes" about the RaQ 4 unit public as far back as the 5th of December; however, the full-blown advisory was not published until yesterday.
