Security flaw hits Windows, Mac, Linux

By Matthew Broersma, ZDNet UK
08 August 2002 04:00 PM
Tags: linux, security, windows, flaw, mac, glitch, bug, kerbero
A bug in widely-used communications software could let attackers gain control of computers and authentication systems.

Security researchers have warned of a flaw in communications software that could allow attackers to take over computers running Windows, Unix-based operating systems and Mac OS X, as well as Kerberos authentication systems.

The problem is widespread because it affects some implementations of XDR (external data representation) libraries, used by many applications as a way of sending data from one system process to another, regardless of the system's architecture. The affected libraries are derived from Sun Microsystems' SunRPC remote procedure call technology, which has been taken up by many vendors.

The Computer Emergency Response Team (CERT), a security network based at Carnegie Mellon University, warned on Tuesday that systems using the affected code should immediately apply patches or disable the affected services.

A function in Sun's XDR library contains an integer overflow that can lead to buffer overflows, according to CERT security researchers Jeffrey Havrilla and Cory Cohen. These buffer overflows can allow an attacker to crash the system, execute malicious code or steal sensitive information, Havrilla and Cohen said.
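The integer-overflow-to-buffer-overflow pattern described above can be shown on an XDR-style array header. The following is an added illustration, not code from Sun's XDR library or from CERT: XDR encodes an array as a 4-byte big-endian element count followed by the elements, and a decoder then reserves count times element-size bytes. The block contrasts an unchecked 32-bit product, which wraps silently, with a checked computation that rejects the message instead. All function names and the sample header bytes are hypothetical constructions.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Added illustration (not the Sun XDR library's code). XDR encodes an array as
   a 4-byte big-endian element count followed by the elements; a decoder then
   reserves count * elsize bytes. All function names here are hypothetical. */

/* Read the 4-byte big-endian length word that precedes an XDR array. */
static uint32_t xdr_read_u32(const unsigned char *buf) {
    return ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
           ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
}

/* Unchecked: the product is formed in 32-bit arithmetic and wraps silently,
   so a huge count can turn into a tiny byte size while the caller still
   believes the buffer holds `count` elements. */
static uint32_t array_bytes_unchecked(uint32_t count, uint32_t elsize) {
    return count * elsize;
}

/* Checked: refuse a count above the caller's maximum, and refuse any
   count/elsize pair whose product would not fit in 32 bits. Returns 1 and
   stores the byte size on success, 0 on rejection. */
static int array_bytes_checked(uint32_t count, uint32_t elsize,
                               uint32_t maxcount, size_t *out_bytes) {
    if (count > maxcount) return 0;
    if (elsize != 0 && count > UINT32_MAX / elsize) return 0;
    *out_bytes = (size_t)count * elsize;
    return 1;
}

/* Decode-style step: size the buffer from the length word in `buf` using
   the checked computation; NULL means the message was rejected. */
static void *alloc_from_xdr_header(const unsigned char *buf, uint32_t elsize,
                                   uint32_t maxcount) {
    size_t bytes;
    uint32_t count = xdr_read_u32(buf);
    if (!array_bytes_checked(count, elsize, maxcount, &bytes)) return NULL;
    return malloc(bytes ? bytes : 1);
}

int main(void) {
    /* Constructed length word 0x40000001: with 4-byte elements the 32-bit
       product is 0x100000004, which wraps to 4. */
    const unsigned char hdr[4] = { 0x40, 0x00, 0x00, 0x01 };
    uint32_t count = xdr_read_u32(hdr);
    printf("count %" PRIu32 " x 4 bytes -> unchecked size %" PRIu32 "\n",
           count, array_bytes_unchecked(count, 4));
    void *p = alloc_from_xdr_header(hdr, 4, 0x10000u);
    printf("checked decode: %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```

The check divides rather than multiplies so the comparison itself cannot wrap, and the separate maximum-count bound is what a decoder should enforce regardless, since even a non-wrapping product can still demand far more memory than the protocol legitimately needs.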

The problem also affects the administration system of Kerberos 5, a widely-used authentication tool, which could allow attackers to gain control of Kerberos Key Distribution Center authentication functions. This could allow an attacker to gain false authentication with other services. Kerberos is included in Windows 2000.

The MIT Kerberos development team issued a warning and patch on its Web site.

Apple Computer confirmed that its Mac OS X operating system contains the vulnerability, which has been fixed through a recent security update, available through the software's automatic update mechanism.

Several vendors of Unix and Unix-like operating systems, including Red Hat, Debian, FreeBSD, Sun and NetBSD said that their software was affected by the issue, and issued fixes. HP said it was investigating the bug's impact.

Microsoft said it is still investigating how Windows is affected by the problem.

The relevant patches are available from the companies' Web sites, or through the CERT advisory on its Web site.

Talkback 1 comments

    Microsoft said it is still inv ...Anonymous -- 09/08/02

    Microsoft said it is still investigating how Windows is affected by the problem...

    Need I say more?
