TechTarget

Unix flaw could allow malicious hacking

A vulnerability in a component of a graphical user interface currently shipping with several commercial Unix systems could let a malicious attacker take administrative control of an affected host system.

CERT, the US government-backed institute that monitors Internet security, said the vulnerability existed in a function used by the Common Desktop Environment (CDE) sub-process control service, which is responsible for accepting requests from clients to execute commands and open applications remotely.

Because of an error in the way requests from remote clients are validated, crackers could manipulate data and cause a buffer overflow.

The CDE is an integrated graphical user interface that runs on Unix and Linux systems. The affected software includes several versions of Hewlett-Packard's HP-UX, IBM's AIX, Sun Microsystems' Solaris and Compaq's Tru64 Unix systems.

Patches to address the problem are available from some of the vendors, according to CERT.

But until patches are more widely available, the group has advised users to mitigate their exposure to the vulnerability by limiting or blocking access to the sub-process control service from untrusted networks.
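As an added example (not from the article or from CERT), the script below shows one way to find where the sub-process control service is enabled on a host so that access can be restricted. It assumes the service is started from inetd under the service name `dtspc` (the `dtspcd` daemon, 6112/tcp) and that the configuration uses the usual `inetd.conf` layout; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an inetd configuration for the CDE sub-process
# control service and produce a copy with the service disabled.
# Assumed, not stated in the article: service name "dtspc" (dtspcd,
# 6112/tcp) and the standard inetd.conf field layout.

# Print every active (uncommented) dtspc entry in the file given as $1.
active_dtspc_entries() {
    awk '$1 == "dtspc"' "$1"
}

# Succeed (exit 0) when the service is enabled in the file given as $1.
dtspc_enabled() {
    [ -n "$(active_dtspc_entries "$1")" ]
}

# Write to stdout a copy of $1 with active dtspc entries commented out.
# Other lines, including already-commented ones, pass through unchanged.
disable_dtspc() {
    sed 's/^[[:space:]]*dtspc[[:space:]]/#&/' "$1"
}

# Constructed sample configuration, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# inetd.conf (constructed sample)
ftp    stream tcp nowait root /usr/sbin/ftpd   ftpd
#dtspc stream tcp nowait root /usr/dt/bin/dtspcd /usr/dt/bin/dtspcd
dtspc  stream tcp nowait root /usr/dt/bin/dtspcd /usr/dt/bin/dtspcd
EOF

if dtspc_enabled "$sample"; then
    echo "dtspc is enabled; review exposure to untrusted networks:"
    active_dtspc_entries "$sample"
fi
```

On a real host, inetd has to re-read its configuration before a changed entry takes effect, and filtering the port at the network boundary covers hosts that still need the service internally.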
