CERT: Exploit circulating for CDE hole in Solaris
By Joris Evers
Hackers are actively exploiting a known vulnerability in Sun
Microsystems Inc.'s Solaris version of the Unix operating system,
security experts said late Monday, urging administrators to check if
their system is vulnerable.
The U.S.-government funded Computer Emergency Response
Team/Coordination Center (CERT/ CC) at Carnegie Mellon University in
Pittsburgh said in an advisory that it had received "credible reports"
of an exploit for Solaris systems. An exploit is a software tool that
can be used to break into computer systems and that is often used by
hackers.
The exploit takes advantage of a buffer overflow vulnerability that was
first discovered in March 1999. The flaw in a library function used by
the CDE (Common Desktop Environment) could allow an attacker to take
full control over the system, CERT/CC said. CDE is a graphical user
interface that is typically installed by default on Unix systems.
The CDE Subprocess Control Service (dtspcd) is a network daemon that
accepts requests from remote clients to execute commands and launch
programs remotely. The service does not perform adequate input
validation, as a result of which a malicious client could manipulate
data sent and cause a buffer overflow, according to CERT/CC.
CERT/CC advises administrators to check if a system is configured to
run dtspcd by looking for the entries "dtspc 6112/tcp"
in "/etc/services" and "dtspc stream tcp nowait
root /usr/dt/bin/dtspcd /usr/dt/bin/dtspcd" in "/etc/ inetd.conf".
Many Unix and Linux flavors are vulnerable and many vendors have long
issued patches to fix the problem. Any system that does not run dtspcd
is not vulnerable to this problem.
The CERT/CC advisory can be found at 2002- 01.html.
About the author(s)
-------------------
Joris Evers is a correspondent for the IDG News Service.
________________________________________________________________________________
ITWORLD.COM NEWSLETTER ARCHIVE
.
Farah regal
good luck
"think twice and hit enter once"
By Joris Evers
Hackers are actively exploiting a known vulnerability in Sun
Microsystems Inc.'s Solaris version of the Unix operating system,
security experts said late Monday, urging administrators to check if
their system is vulnerable.
The U.S.-government funded Computer Emergency Response
Team/Coordination Center (CERT/ CC) at Carnegie Mellon University in
Pittsburgh said in an advisory that it had received "credible reports"
of an exploit for Solaris systems. An exploit is a software tool that
can be used to break into computer systems and that is often used by
hackers.
The exploit takes advantage of a buffer overflow vulnerability that was
first discovered in March 1999. The flaw in a library function used by
the CDE (Common Desktop Environment) could allow an attacker to take
full control over the system, CERT/CC said. CDE is a graphical user
interface that is typically installed by default on Unix systems.
The CDE Subprocess Control Service (dtspcd) is a network daemon that
accepts requests from remote clients to execute commands and launch
programs remotely. The service does not perform adequate input
validation, as a result of which a malicious client could manipulate
data sent and cause a buffer overflow, according to CERT/CC.
CERT/CC advises administrators to check if a system is configured to
run dtspcd by looking for the entries "dtspc 6112/tcp"
in "/etc/services" and "dtspc stream tcp nowait
root /usr/dt/bin/dtspcd /usr/dt/bin/dtspcd" in "/etc/ inetd.conf".
Many Unix and Linux flavors are vulnerable and many vendors have long
issued patches to fix the problem. Any system that does not run dtspcd
is not vulnerable to this problem.
The CERT/CC advisory can be found at 2002- 01.html.
About the author(s)
-------------------
Joris Evers is a correspondent for the IDG News Service.
________________________________________________________________________________
ITWORLD.COM NEWSLETTER ARCHIVE
.
Farah regal
good luck
"think twice and hit enter once"