




Hole found in log-in function of Sun, IBM Unix

Computerworld

By Joris Evers

(IDG) -- Attackers could get full access to servers running Unix versions supplied by Sun Microsystems Inc. and IBM because of a security hole in the log-in program of the operating system, experts warned Wednesday.

A buffer overflow flaw exists in the Unix log-in program, which authenticates access to the system with user names and passwords. Because the log-in program is also used by two remotely accessible programs, Telnet and rlogin (remote log-in), the flaw can be exploited even by those who don't have direct access to the system, experts at Internet Security Systems Inc. (ISS) in Atlanta and the CERT Coordination Center (CERT/CC) at Carnegie Mellon University in Pittsburgh said in separate statements.

Systems are vulnerable only if Telnet, rlogin and other terminal connection services that use log-in for authentication are enabled, which they usually are by default, according to ISS. Attackers can exploit the vulnerability to gain super-user privileges or root access to the server, the highest privilege level on Unix systems, allowing the attacker to execute arbitrary commands.

A software tool, or exploit, to compromise systems running the affected operating systems has been made public, according to ISS. ISS and CERT advise systems administrators to install Secure Shell (SSH), a secure alternative to Telnet and rlogin, and to disable default terminal connection services until the software can be patched. Sun and IBM have software fixes available, according to CERT/CC.

Sun's Solaris 8 and earlier versions and IBM's AIX Versions 4.3 and 5.1 are affected. Other systems derived from the same code base, Unix System V, could also be vulnerable, said CERT/CC. Hewlett-Packard Co. told CERT that its HP-UX isn't exploitable.
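The advice above to disable Telnet and rlogin until a patch is installed can be checked mechanically. The following is an added example, not part of the original article or of any vendor advisory; it assumes the services are started from an inetd.conf-style file, where rlogin is registered under the service name `login`, and the function names and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an inetd.conf-style file for network services that
# hand connections to the log-in program (Telnet and rlogin).
# Assumption: rlogin appears under the inetd service name "login".

# Print the name of every enabled (uncommented) telnet/rlogin entry.
# $1: path to an inetd.conf-style file
exposed_login_services() {
    awk '
        $1 ~ /^#/ { next }                    # commented out: disabled
        NF == 0   { next }                    # blank line
        $1 == "telnet" || $1 == "login" { print $1 }
    ' "$1" | sort -u
}

# Write a copy of the file with those entries commented out.
# inetd must re-read its configuration (SIGHUP) before this takes effect.
# $1: input file, $2: output file
disable_login_services() {
    awk '
        $1 == "telnet" || $1 == "login" { print "#" $0; next }
        { print }
    ' "$1" > "$2"
}

# Constructed sample configuration, not taken from a real host.
# $1: file to create
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp6  nowait  root  /usr/sbin/in.ftpd     in.ftpd
telnet  stream  tcp6  nowait  root  /usr/sbin/in.telnetd  in.telnetd
login   stream  tcp6  nowait  root  /usr/sbin/in.rlogind  in.rlogind
#shell  stream  tcp   nowait  root  /usr/sbin/in.rshd     in.rshd
EOF
}

# Demo: report exposure before and after commenting the entries out.
sample=$(mktemp) && fixed=$(mktemp)
make_sample "$sample"
echo "enabled before: $(exposed_login_services "$sample" | tr '\n' ' ')"
disable_login_services "$sample" "$fixed"
echo "enabled after:  $(exposed_login_services "$fixed" | tr '\n' ' ')"
rm -f "$sample" "$fixed"
```

Run the audit function against a copy of the host's real configuration first, and confirm SSH access works before disabling the other services.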



 
 
 
 

