Solaris wall shows cracks

CERT warns on format string bug

By John Leyden • Get more from this author

Posted in Security, 3rd May 2002 16:22 GMT

Free whitepaper – Certify your software integrity with Thawte code signing certificates

Sun Microsystems is working on a patch to correct a format string vulnerability in a utility within its Solaris operating system.

According to a notice issued by security clearing house CERT earlier this week, the format string bug within the rwall daemon (rpc.rwalld) may permit an intruder to execute code (which could be potentially malicious) with the privileges of the operation (typically root).

A proof of concept exploit is publicly available, according to CERT, but it has no evidence of active scanning or exploitation of the vulnerability by the digital underground. It suggests remote exploitation of the vulnerability is far from straightforward.

The rwall daemon listens for remote wall requests which are used to send messages around terminals of a time-sharing system. The bug exists in the code that displays the error message for the rwall daemon.

Sun confirms the vulnerability affects Solaris 2.5.1, 2.6, 7 and 8 but is playing down the significance.

To exploit the problem, crackers would first have to exhaust system resources, something which a remote user would find difficult to control, it says.

Nonetheless, Sun is taking the problem seriously and has advised its users to consider disabling the rpc.rwalld daemon until a patch is available, which will be posted here.

Earlier this week, we reported a series of denial of service, buffer overflow and root compromise vulnerabilities involving Solaris, which seem to be far nastier than the latest bug. ®