Unix flaw could allow malicious hacking


A vulnerability in a component of a graphical user interface currently shipping with several commercial Unix systems could let a malicious attacker take administrative control of an affected host system.

CERT, the US government-backed institute that monitors Internet security, said the vulnerability existed in a function used by the Common Desktop Environment (CDE) sub-process control service, which is responsible for accepting requests from clients to execute commands and open applications remotely.

Because of an error in the way requests from remote clients are validated, crackers could manipulate data and cause a buffer overflow.

The CDE is an integrated graphical user interface that runs on Unix and Linux systems. The affected software includes several versions of Hewlett-Packard's HP-UX, IBM's AIX, Sun Microsystems' Solaris and Compaq's Tru64 Unix systems.

Patches to address the problem are available from some of the vendors, according to CERT.

But until patches are more widely available, the group has advised users to mitigate their exposure to the vulnerability by limiting or blocking access to the sub-process control service from untrusted networks.
