Unix flaw could allow malicious hacking

A vulnerability in a component of a graphical user interface currently shipping with several commercial Unix systems could let a malicious attacker take administrative control of an affected host system.

CERT, the US government-backed institute that monitors Internet security, said the vulnerability exists in a function used by the Common Desktop Environment (CDE) sub-process control service, which is responsible for accepting requests from clients to execute commands and open applications remotely.

Because of an error in the way requests from remote clients are validated, crackers could manipulate data and cause a buffer overflow.

The CDE is an integrated graphical user interface that runs on Unix and Linux systems. The affected software includes several versions of Hewlett-Packard's HP-UX, IBM's AIX, Sun Microsystems' Solaris and Compaq's Tru64 Unix systems.

Patches to address the problem are available from some of the vendors, according to CERT.

But until patches are more widely available, the group has advised users to mitigate their exposure to the vulnerability by limiting or blocking access to the sub-process control service from untrusted networks.
