CERT: Sun Solaris hole requires patch

ComputerWorld ^ | May 02, 2002 | LAURA ROHDE

[Bush2000]

Hackers can potentially exploit a format-string vulnerability in remote wall requests to execute arbitrary code in Solaris, Sun Microsystems Inc.'s version of the Unix operating system, security experts warned.

Sun Solaris Versions 2.5.1, 2.6, 7 and 8 require a security patch to the utility rwall daemon or rpc.rwalld, the CERT Coordination Center at Carnegie Mellon University in Pittsburgh said in an advisory yesterday.

The rwall daemon listens for wall requests, which are used to send messages to terminals using a time-sharing system. The advisory warned that the utility contains a format string vulnerability that could permit a hacker to get into the system by executing code with the privileges of the rwall daemon, usually root.

Sun has confirmed that there is a problem with rpc.rwalld and is working on a patch to fix the hole, according to CERT, which is funded by the U.S. government.

Disabling rpc.rwalld in "inetd.conf" is the recommended temporary security solution until patches are available, CERT said. Sun will release a security bulletin once the patches are available, CERT said.

By exhausting system resources, a hacker can cause the rwall daemon to generate an error message; the format string vulnerability is in the code that displays the error message. Although a hacker could consume system resources and prevent wall from executing either locally and remotely, a combination of events must occur for a hacker to be able to exploit the hole, CERT said. For example, it's difficult for remote users to control the system resources that they are attempting to exhaust in order to manipulate the system, CERT said.

The problem appears to be limited to Solaris, CERT said.

[Bush2000]

I'm shocked, shocked, shocked...

[chance33_98]

I'm shocked, shocked, shocked...

I'm not. I run Solaris 8 at home, not as stable as people might think. It is better then 7 though. I upgraded to 8 after running 7 and installing netscape from the cd. When I fired up netscape it blew away most of my root partition. Not to mention the CDE and Xstyle windows system are TERRIBLE - I switched to gnome within a day.

Overall though I am happy, but no happier then I am with my 2000 servers (4 of em) I run at home. It is not the computer you have, it is what you can do with what you have that is important. Up until about a year and half ago I was running a 166 machine and doing just fine. I know people who upgrade all the time and don't really do much with their systems. I can understand it if your into heavy gaming or 3d graphics programs (like povray, etc, which are CPU intensive). Now see, I went and got off topic. Must be a bad batch of coffee :)

[Dimensio]

I'm not. You want security, OpenBSD or NetBSD.

(I run neither, btw. I administrate an old SuSE box at home, but so far I've not had any problems because I configure a nasty tight firewall).

[good_ash]

I'm shocked, shocked, shocked that you would post a bug report of a windows competitor. How many stories have you posted that point to the glaring software holes in windows? You could write a book on outlook alone!

[B Knotts]

OpenBSD has also had a number of (mostly local) root exploits.

System security is 95% administration. If Microsoft is to be faulted, I would blame them more for encouraging a culture of ignorance which leads to lax administration of Windows servers.

Any system can be configured to be relatively secure, and any system can be (mis-) configured to be wide open. And any system that is on the Internet and not maintained, given long enough, will eventually be vulnerable to attack.

[Poohbah]

It's amazing how many companies don't pay their admins to actively maintain the system...until AFTER the corporate web page gets defaced.

I was there when a senior manager said to an IT guy, "I want to see you checking LAN drops and backing up the servers, not surfing the net for security information."

[B Knotts]

IT management is one of the great mysteries of the world.

[Poohbah]

Those who can...do.

Those who can't do...teach.

Those can't do and can't teach...manage.

[Bush2000]

Doesn't seem like much of a hole to me.

Oh ... you haven't heard the news: The emperor has no clothes ...

[mykej]

Two issues here:

None of my boxes ever allows wall anyway, so it's just not an issue for me. Or anybody I know.

Secondly, lets wait and see how long it takes Sun to release a patch. I bet it happens a lot faster than it would with MS. And after it is released, I'll bet a higher percentage of systems get the patch applied in the first 3 days than would happen with a MS system. Unix sysadmins actually pay attention and know how to apply a patch.

Being a MS sysadmin doesn't mean you have to be clueless, but there are a lot more people who fake their way into a job they just aren't qualified for in the Windows world than in the unix world.

[dwollmann]

Although a hacker could consume system resources and prevent wall from executing either locally and remotely, a combination of events must occur for a hacker to be able to exploit the hole, CERT said. For example, it's difficult for remote users to control the system resources that they are attempting to exhaust in order to manipulate the system, CERT said.

What's required to own most Windows boxes? Hmm, send the user an email?

[Bush2000]

What's required to own most Windows boxes? Hmm, send the user an email?

Dude, a properly locked-down Windows server is just as secure as its *nix counterpart.

[PatrioticAmerican]

"Being a MS sysadmin doesn't mean you have to be clueless, but there are a lot more people who fake their way into a job they just aren't qualified for in the Windows world than in the unix world. "

Bingo.