Solaris hole gives hackers free rein

Researchers have discovered a bug that could give hackers unlimited access to any machine running Sun's Unix operating system, Solaris.

The bug, discovered by security consultancy ISS X-Force, affects a utility designed to give remote users access to a local printer. The line printer daemon (in.lpd), as it is called, contains a flaw in the "transfer job" routine that could allow hackers to overflow an unchecked buffer, a common means of gaining unauthorised access to a computer.

Hackers could exploit the flaw to crash the printer daemon or execute malicious code with system administrator privileges, according to X-Force. The printer software is installed by default on all Solaris systems.

Sun says it is working on a fix, which will be available next month, and X-Force recommends the software be turned off until the patch is available.

Solaris runs on Sun Microsystems and Intel hardware, and is the dominant operating system for high-end Internet servers.

Advertisement

Talkback 0 comments


Latest Videos

Blogs

  • David Braue Will Rudd's bush backhaul bonanza deliver?
    Rural areas will be welcoming the government's decision to put its money where its politicising is, funnelling $250m into a regional fibre upgrade to six rural centres. Remedying over a decade of near-neglect at the hands of telecoms privatisation, the investment could be the firmest step yet for Labor's NBN dream — but with inevitable political questions and a looming election, Rudd and Conroy need to deliver, and quickly, to preserve the NBN's credibility.
  • Array Doing for AV what VoIP did for telephony
    Sydney-based start-up Audinate is making traditional analog cabling obsolete in favour of TCP/IP-based networking technology. And it's doing a pretty good job so far, with its technology used by World Youth Day and the Sydney Opera House.
  • Array WiMax in Australia: Part two
    WiMax could be the standard that drives the next phase of mobile broadband, it provides an opportunity for players wanting to establish a pure IP network to carry voice and data effectively — but is this what operators want?
  • More blogs »

Tags

Back to top

Featured