A buffer overflow vulnerability in login programs used by Sun Solaris and IBM AIX systems could allow crackers to take control of servers, security experts warn.

The flaw arises from the way System V derived implementations of Login work in conjunction with remote access protocols such as Telnet and Rlogin, which are enabled by default on most Unix platforms.

This software bug means environment variables passed over from Telnet and Rlogin are handled incorrectly. As a result a maliciously constructed message might allow hackers to execute arbitrary commands on a target system with superuser privilege.

The issue is serious because an exploit for the vulnerability has been made public, according to security tools vendor Internet Security Systems, which discovered the problem.

Systems running Solaris 8, and earlier versions of Sun's operating system, as well as IBM AIX versions 4.3 and 5.1 are vulnerable, according to an advisory by CERT.

There is no simple workaround for this issue. However, disabling all default terminal communications services and installing SSH will eliminate the vulnerability.

Sun is in the process of testing a patch that will deal with the vulnerability and will be made available here. An interim fix is available from IBM here. ®