OS Flaw Opens Systems to Remote Attackers
Security researchers on Wednesday warned of a potentially serious vulnerability that enables a remote attacker to gain superuser privileges on machines running some versions of Unix-based operating systems.
The problem is a buffer overflow in the login service on some versions of Sun Microsystems Inc.s Solaris software and IBM Corp.s AIX operating system.
Crackers have already begun exploiting the flaw, according to an advisory from Internet Security Systems Inc.
The login function is used to authenticate remote users, but the vulnerable systems incorrectly handle long environment variables passed to the system by remote connection services such as Telnet or Rlogin. Attackers do not need a local account or any special knowledge of the target system in order to exploit this flaw.
Telnet and Rlogin are often enabled by default.
Versions 8 and earlier of Solaris are vulnerable, as are versions 4.3 and 5.1 of AIX, according to a CERT Coordination Center advisory. CERT officials recommend that users running vulnerable versions of the operating systems disable Telnet and Rlogin.
Sun has a temporary patch available and is working on a full fix for the problem. IBM has issued an emergency fix for the flaw.