Solaris wall shows cracks
CERT warns on format string bug
Sun Microsystems is working on a patch to correct a format string vulnerability in a utility within its Solaris operating system.
According to a notice issued by security clearing house CERT earlier this week, the format string bug within the rwall daemon (rpc.rwalld) may permit an intruder to execute code (which could be potentially malicious) with the privileges of the operation (typically root).
A proof of concept exploit is publicly available, according to CERT, but it has no evidence of active scanning or exploitation of the vulnerability by the digital underground. It suggests remote exploitation of the vulnerability is far from straightforward.
The rwall daemon listens for remote wall requests which are used to send messages around terminals of a time-sharing system. The bug exists in the code that displays the error message for the rwall daemon.
Sun confirms the vulnerability affects Solaris 2.5.1, 2.6, 7 and 8 but is playing down the significance.
To exploit the problem, crackers would first have to exhaust system resources, something which a remote user would find difficult to control, it says.
Nonetheless, Sun is taking the problem seriously and has advised its users to consider disabling the rpc.rwalld daemon until a patch is available, which will be posted here.
Earlier this week, we reported a series of denial of service, buffer overflow and root compromise vulnerabilities involving Solaris, which seem to be far nastier than the latest bug. ®
Multiple Solaris vulns reported
Solaris 9 to beef up OS, application security
Meet the future of Windows security exploits
Redhat worm touts instant noodles
FBI warns as Unix server flaw gets automated