Solaris Flaw Opens Door for Hackers

A serious flaw in the popular OS lets attackers access files and obtain root privileges on vulnerable machines.

There is a serious vulnerability in several versions of the popular Solaris operating system that enables a remote attacker to access any file and obtain root privileges on a vulnerable machine.

The flaw affects Sun Microsystems Inc.'s Solaris 2.5.1, 2.6, 7, 8 and 9 running on Sparc-based or Intel Corp.-based servers.

The vulnerability lies in a library service daemon known as the Kodak Color Management System. KCMS is a framework for developing color-management systems. The KCMS server is used to enable library functions to access profiles on remote machines. However, thanks to a directory traversal condition in one of the server's procedures, an attacker could retrieve any file on the vulnerable system.

Specifically, the KCS_OPEN_PROFILE procedure is vulnerable to this attack, according to an advisory on the flaw released Wednesday by Entercept Security Technologies, the San Jose, Calif., company that discovered the problem. The CERT Coordination Center plans to release a vulnerability note on the issue on Wednesday.

Because the KCMS server runs with root privileges, an attacker who is able to exploit this vulnerability would have complete control of the machine and could access any file of choice.
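The class of bug described above, as an added C example that is not code from Sun, Entercept or the original article: a daemon that builds a file path from a client-supplied profile name, shown first without validation and then with the name restricted to a single file name. The directory `PROFILE_DIR`, the function names and the sample request are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical directory; the article does not name the real profile path. */
#define PROFILE_DIR "/opt/example/profiles"

/* Bug class: the client-supplied name is pasted straight into a path, so
 * "../" components walk out of PROFILE_DIR. Returns 0 if the path fits. */
int naive_profile_path(const char *name, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/%s", PROFILE_DIR, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Policy: a profile name is one plain file name, never a path. */
int profile_name_ok(const char *name)
{
    size_t len;
    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len == 0 || len > 255)
        return 0;                       /* empty or overlong name */
    if (strchr(name, '/') != NULL)
        return 0;                       /* any separator makes it a path */
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;                       /* directory references */
    return 1;
}

/* Hardened form: validate first, then build; -1 means reject the request. */
int safe_profile_path(const char *name, char *out, size_t outlen)
{
    if (!profile_name_ok(name))
        return -1;
    return naive_profile_path(name, out, outlen);
}

int main(void)
{
    char path[512];
    const char *req = "../../etc/passwd";   /* constructed sample request */
    if (naive_profile_path(req, path, sizeof path) == 0)
        printf("naive:    %s\n", path);
    printf("hardened: %s\n",
           safe_profile_path(req, path, sizeof path) == 0 ? path : "rejected");
    return 0;
}
```

Because the daemon in the article runs as root, file permissions do not limit what an unvalidated path can reach, so the name check is the only barrier in this example.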

Sun, based in Santa Clara, Calif., will release a patch for the vulnerability on Wednesday.