Crackers Exploit Solaris Flaw

 
 
By Dennis Fisher  |  Posted 2002-01-15
 
 
 
Crackers are actively exploiting a dangerous flaw in Sun Microsystems Inc.s Solaris operating system that gives attackers complete control over a vulnerable system, according to a new advisory released by the CERT Coordination Center.

Researchers first identified the vulnerability, which also exists in several other operating systems, in 1999, and CERT issued an advisory last November. The affected vendors all issued patches.

However, crackers have recently begun using an exploit for the vulnerability against Solaris systems, according to data gathered by CERT, which is based at Carnegie Mellon University in Pittsburgh.

The flaw is a buffer overflow in the subprocess control server of the CDE (Common Desktop Environment), an integrated GUI for Unix-based operating systems. The vulnerable service is typically started by the Internet service daemon when the CDE client tries to create a process on the daemons host. Using the vulnerability, an attacker could create a special CDE client request that would enable him to execute arbitrary commands on the target system.

The subprocess control daemon runs by default on many operating systems with CDE installed.

CERT officials said they received much of the data about the Solaris exploit from the Honeynet Project, a test network that is connected to the Internet and monitored for attacks and intrusion attempts by a volunteer group of security experts.

Rocket Fuel