16 January 2002

A security flaw in Sun Microsystems’ Solaris Unix operating system is enabling intruders to break into servers on the Internet, the Computer Emergency Response Team (CERT) has warned.
CERT, working in conjunction with the Honeynet Project, has said that the vulnerability is being “actively exploited” by hackers – even though the security hole has been widely known since November 2001.
CERT has re-posted an advisory note informing systems administrators of the flaw. The advisory suggests that they disable the affected service, or limit access to it, before installing a patch from Sun.
Researchers say they witnessed a “live” attack when an intruder broke into a Solaris server that was being closely watched – a technique used by the Honeynet Project to catch hackers red-handed “in the wild”.
The system was accessed by an intruder who installed a “back door” so that he could easily come back and log in at any time. A few days later, the hacker loaded a denial-of-service (DoS) tool in order to launch an attack on various online chat servers.
The aim of a DoS attack is to overload a computer system by sending it a stream of data, often from a variety of compromised systems, causing the target to crash and consequently become inaccessible.
The latest vulnerability lies in the Common Desktop Environment (CDE) graphical user interface (GUI), which is vulnerable to a “buffer overflow” attack. The affected component is the CDE Subprocess Control Service (“dtspcd”). CERT has warned that “a malicious client can manipulate data sent to dtspcd and cause a buffer overflow, potentially executing code with root privileges.”
Root privileges enable an attacker to take total control of the server.
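The bug class described above, a network daemon trusting a client-supplied length when copying into a fixed buffer, in simplified form as an added example: this is not dtspcd’s code, and the request framing, buffer size and sample messages are constructed assumptions. The hardened handler shows the bounds check that a fix for this class of flaw has to enforce.

```c
#include <stdint.h>
#include <string.h>
#define MSG_BUF 64  /* fixed-size buffer inside the daemon (constructed size) */
/* Hypothetical request framing: 2-byte big-endian length, then payload. */
struct request { const unsigned char *data; size_t len; };

/* Vulnerable pattern: trusts the client's length field and copies into a
 * fixed buffer. A length above MSG_BUF writes past the end of `buf`.
 * Shown for contrast only; never run it on untrusted input. */
int handle_request_unsafe(const struct request *req, char *buf) {
    uint16_t claimed = (uint16_t)((req->data[0] << 8) | req->data[1]);
    memcpy(buf, req->data + 2, claimed);     /* no bounds check */
    return (int)claimed;
}

/* Hardened: the claimed length must fit the bytes actually received and
 * the destination buffer, with room for a terminator; otherwise reject. */
int handle_request_safe(const struct request *req, char *buf, size_t bufsz) {
    if (req->len < 2) return -1;
    uint16_t claimed = (uint16_t)((req->data[0] << 8) | req->data[1]);
    if (claimed > req->len - 2 || claimed >= bufsz) return -1;
    memcpy(buf, req->data + 2, claimed);
    buf[claimed] = '\0';
    return (int)claimed;
}

/* Constructed samples: each returns the hardened handler's result. */
int demo_well_formed(void) {
    static const unsigned char msg[] = { 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
    struct request req = { msg, sizeof msg };
    char buf[MSG_BUF];
    int n = handle_request_safe(&req, buf, sizeof buf);
    return (n == 5 && strcmp(buf, "hello") == 0) ? n : -1;
}
int demo_length_exceeds_received(void) {
    /* Claims 65535 payload bytes but sends 3: rejected (returns -1). */
    static const unsigned char msg[] = { 0xFF, 0xFF, 'a', 'b', 'c' };
    struct request req = { msg, sizeof msg };
    char buf[MSG_BUF];
    return handle_request_safe(&req, buf, sizeof buf);
}
int demo_length_exceeds_buffer(void) {
    /* Length matches what was sent (100 bytes) but exceeds MSG_BUF: rejected. */
    unsigned char msg[2 + 100] = { 0x00, 100 };
    memset(msg + 2, 'A', 100);
    struct request req = { msg, sizeof msg };
    char buf[MSG_BUF];
    return handle_request_safe(&req, buf, sizeof buf);
}
```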