Free Republic
CERT: Sun Solaris hole requires patch
ComputerWorld ^ | May 02, 2002 | LAURA ROHDE

Posted on 05/02/2002 1:01:15 PM PDT by Bush2000

Hackers can potentially exploit a format-string vulnerability in remote wall requests to execute arbitrary code in Solaris, Sun Microsystems Inc.'s version of the Unix operating system, security experts warned.

Sun Solaris Versions 2.5.1, 2.6, 7 and 8 require a security patch to the utility rwall daemon or rpc.rwalld, the CERT Coordination Center at Carnegie Mellon University in Pittsburgh said in an advisory yesterday.

The rwall daemon listens for wall requests, which are used to send messages to terminals using a time-sharing system. The advisory warned that the utility contains a format string vulnerability that could permit a hacker to get into the system by executing code with the privileges of the rwall daemon, usually root.

Sun has confirmed that there is a problem with rpc.rwalld and is working on a patch to fix the hole, according to CERT, which is funded by the U.S. government.

Disabling rpc.rwalld in "inetd.conf" is the recommended temporary security solution until patches are available, CERT said. Sun will release a security bulletin once the patches are available, CERT said.

By exhausting system resources, a hacker can cause the rwall daemon to generate an error message; the format string vulnerability is in the code that displays the error message. Although a hacker could consume system resources and prevent wall from executing either locally or remotely, a combination of events must occur for a hacker to be able to exploit the hole, CERT said. For example, it's difficult for remote users to control the system resources that they are attempting to exhaust in order to manipulate the system, CERT said.

The problem appears to be limited to Solaris, CERT said.


TOPICS: Business/Economy; Technical
KEYWORDS: hack; patch; solaris; sun
I'm shocked, shocked, shocked...
1 posted on 05/02/2002 1:01:16 PM PDT by Bush2000
[ Post Reply | Private Reply | View Replies]
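
The interim workaround in the article (disabling rpc.rwalld in inetd.conf) can be checked with a short script. This is an added example, not part of the ComputerWorld article or the CERT advisory; the function names and the sample entries are constructed for illustration, and the sample assumes the usual seven-field inetd.conf layout with the server program in field 6.

```shell
#!/bin/sh
# Added example: audit an inetd.conf for an enabled rpc.rwalld entry and
# produce a copy with that entry commented out.

# Print "<line-number> <uid> <server-program>" for every enabled entry whose
# server program (field 6) is rpc.rwalld. Commented-out lines are skipped.
active_rwalld() {
    awk '
        /^[ \t]*#/ { next }
        NF >= 6 && $6 ~ /(^|\/)rpc\.rwalld$/ { print NR, $5, $6 }
    ' "$1"
}

# Write the file to stdout with every enabled rpc.rwalld entry commented out.
# All other lines, including existing comments, pass through unchanged.
disable_rwalld() {
    awk '
        !/^[ \t]*#/ && NF >= 6 && $6 ~ /(^|\/)rpc\.rwalld$/ { print "#" $0; next }
        { print }
    ' "$1"
}

# Constructed sample configuration (hypothetical host, illustrative entries).
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real host
ftp stream tcp6 nowait root /usr/sbin/in.ftpd in.ftpd
walld/1 tli rpc/datagram_v wait root /usr/lib/netsvc/rwall/rpc.rwalld rpc.rwalld
#rusersd/2-3 tli rpc/datagram_v,circuit_v wait root /usr/lib/netsvc/rusers/rpc.rusersd rpc.rusersd
EOF
}

# Stand-alone use: ./check_rwalld.sh /etc/inet/inetd.conf
if [ $# -gt 0 ]; then
    found=$(active_rwalld "$1")
    if [ -n "$found" ]; then
        echo "rpc.rwalld is enabled (line, uid, program): $found"
    else
        echo "no enabled rpc.rwalld entry in $1"
    fi
fi
```

The uid column shows the privilege the daemon would run with, which the article says is usually root. inetd only picks up an edited inetd.conf after it is told to re-read it (SIGHUP).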

Comment #2 Removed by Moderator

To: Bush2000
I'm shocked, shocked, shocked...

I'm not. I run Solaris 8 at home, not as stable as people might think. It is better than 7 though. I upgraded to 8 after running 7 and installing netscape from the cd. When I fired up netscape it blew away most of my root partition. Not to mention the CDE and Xstyle windows system are TERRIBLE - I switched to gnome within a day.

Overall though I am happy, but no happier than I am with my 2000 servers (4 of em) I run at home. It is not the computer you have, it is what you can do with what you have that is important. Up until about a year and a half ago I was running a 166 machine and doing just fine. I know people who upgrade all the time and don't really do much with their systems. I can understand it if you're into heavy gaming or 3d graphics programs (like povray, etc, which are CPU intensive). Now see, I went and got off topic. Must be a bad batch of coffee :)
3 posted on 05/02/2002 1:15:49 PM PDT by chance33_98
[ Post Reply | Private Reply | To 1 | View Replies]

To: Bush2000
I'm not. You want security, OpenBSD or NetBSD.

(I run neither, btw. I administrate an old SuSE box at home, but so far I've not had any problems because I configure a nasty tight firewall).
4 posted on 05/02/2002 1:21:04 PM PDT by Dimensio
[ Post Reply | Private Reply | To 1 | View Replies]

To: Bush2000
I'm shocked, shocked, shocked that you would post a bug report of a Windows competitor. How many stories have you posted that point to the glaring software holes in Windows? You could write a book on Outlook alone!
5 posted on 05/02/2002 1:21:56 PM PDT by good_ash
[ Post Reply | Private Reply | To 1 | View Replies]

Comment #6 Removed by Moderator

To: CDedPeeple
OpenBSD has also had a number of (mostly local) root exploits.

System security is 95% administration. If Microsoft is to be faulted, I would blame them more for encouraging a culture of ignorance which leads to lax administration of Windows servers.

Any system can be configured to be relatively secure, and any system can be (mis-) configured to be wide open. And any system that is on the Internet and not maintained, given long enough, will eventually be vulnerable to attack.

7 posted on 05/02/2002 1:53:14 PM PDT by B Knotts
[ Post Reply | Private Reply | To 6 | View Replies]

To: B Knotts
It's amazing how many companies don't pay their admins to actively maintain the system...until AFTER the corporate web page gets defaced.

I was there when a senior manager said to an IT guy, "I want to see you checking LAN drops and backing up the servers, not surfing the net for security information."

8 posted on 05/02/2002 2:02:24 PM PDT by Poohbah
[ Post Reply | Private Reply | To 7 | View Replies]

To: Poohbah
IT management is one of the great mysteries of the world.
9 posted on 05/02/2002 3:11:54 PM PDT by B Knotts
[ Post Reply | Private Reply | To 8 | View Replies]

To: B Knotts
Those who can...do.

Those who can't do...teach.

Those who can't do and can't teach...manage.

10 posted on 05/02/2002 3:12:50 PM PDT by Poohbah
[ Post Reply | Private Reply | To 9 | View Replies]

To: CDedPeeple
Doesn't seem like much of a hole to me.

Oh ... you haven't heard the news: The emperor has no clothes ...
11 posted on 05/02/2002 4:18:01 PM PDT by Bush2000
[ Post Reply | Private Reply | To 2 | View Replies]

To: Bush2000
Two issues here:

None of my boxes ever allows wall anyway, so it's just not an issue for me. Or anybody I know.

Secondly, let's wait and see how long it takes Sun to release a patch. I bet it happens a lot faster than it would with MS. And after it is released, I'll bet a higher percentage of systems get the patch applied in the first 3 days than would happen with a MS system. Unix sysadmins actually pay attention and know how to apply a patch.

Being a MS sysadmin doesn't mean you have to be clueless, but there are a lot more people who fake their way into a job they just aren't qualified for in the Windows world than in the unix world.

12 posted on 05/02/2002 4:32:09 PM PDT by mykej
[ Post Reply | Private Reply | To 1 | View Replies]

To: Bush2000
Although a hacker could consume system resources and prevent wall from executing either locally or remotely, a combination of events must occur for a hacker to be able to exploit the hole, CERT said. For example, it's difficult for remote users to control the system resources that they are attempting to exhaust in order to manipulate the system, CERT said.

What's required to own most Windows boxes? Hmm, send the user an email?

13 posted on 05/02/2002 4:38:48 PM PDT by dwollmann
[ Post Reply | Private Reply | To 11 | View Replies]

To: dwollmann
What's required to own most Windows boxes? Hmm, send the user an email?

Dude, a properly locked-down Windows server is just as secure as its *nix counterpart.
14 posted on 05/02/2002 5:38:57 PM PDT by Bush2000
[ Post Reply | Private Reply | To 13 | View Replies]

To: mykej
"Being a MS sysadmin doesn't mean you have to be clueless, but there are a lot more people who fake their way into a job they just aren't qualified for in the Windows world than in the unix world."

Bingo.

15 posted on 05/03/2002 8:52:25 PM PDT by PatrioticAmerican
[ Post Reply | Private Reply | To 12 | View Replies]
