The company has confirmed an operating environment vulnerability uncovered during eWEEK Labs' Openhack security test. A patch is expected next week.
Sun Microsystems has confirmed a Solaris operating environment vulnerability uncovered during eWEEK Labs' Openhack security test.
Last week eWEEK reported that Spanish security consultant Lluis Mora had found a security vulnerability in an optional component of the Solaris operating environment. The vulnerability allowed Mora to execute arbitrary operating system commands on a Solaris-based database server.
Both eWEEK Labs and Mora contacted Sun immediately after the vulnerability was discovered. Sun has since researched, replicated and confirmed the problem in its own labs, according to Russ Castronovo, public relations manager for Solaris.
A patch has been written and is being tested by Mora and Sun engineers to ensure that it fixes the problem and is production-ready, said Castronovo. The patch is expected to be available next week.
Details On The Way
Many readers have asked eWEEK Labs for more details on the vulnerability discovered during the Openhack test. We decided it would not be responsible to publish details without also providing information about how organizations could protect themselves. Hackers move fast, however, and we were prepared to release more information if Sun did not respond in a timely fashion.
We do believe in full disclosure and will publish the details of Mora's crack and of all the vulnerabilities he discovered in a future story.