CERT: Sun Solaris hole requires patch

IDG News Service - Hackers can potentially exploit a format-string vulnerability in remote wall requests to execute arbitrary code in Solaris, Sun Microsystems Inc.'s version of the Unix operating system, security experts warned.

Sun Solaris Versions 2.5.1, 2.6, 7 and 8 require a security patch to the utility rwall daemon or rpc.rwalld, the CERT Coordination Center at Carnegie Mellon University in Pittsburgh said in an advisory yesterday.

The rwall daemon listens for wall requests, which are used to send messages to terminals using a time-sharing system. The advisory warned that the utility contains a format string vulnerability that could permit a hacker to get into the system by executing code with the privileges of the rwall daemon, usually root.

Sun has confirmed that there is a problem with rpc.rwalld and said it is working on a patch to fix the hole, according to CERT, which is funded by the U.S. government.

Disabling rpc.rwalld in "inetd.conf" is the recommended temporary security solution until patches are available, CERT said. Sun will release a security bulletin once the patches are available, CERT said.

By exhausting system resources, a hacker can cause the rwall daemon to generate an error message; the format string vulnerability is in the code that displays the error message. Although a hacker could consume system resources and prevent wall from executing either locally and remotely, a combination of events must occur for a hacker to be able to exploit the hole, CERT said. For example, it's difficult for remote users to control the system resources that they are attempting to exhaust in order to manipulate the system, CERT said.

The problem appears to be limited to Solaris, CERT said.

Related stories:

• Denial-of-service attacks still a threat, April 8, 2002



• CERT warns IM users to beware of intruders, March 20, 2002



• Security hole uncovered in PHP, Feb. 28, 2002