Unix bug returns from beyond the grave


Cliff Saran
A four-year-old security bug has come back to haunt Unix users, according to independent security specialist ProCheckUp.

The firm discovered that, using a command built into the vast majority of Unix boxes, an intruder could obtain a remote console identical to a local X-Windows session. In effect, "Remote connections [to the server] are enabled," said Richard Brain, ProCheckUp technical director.

The attack, based on the Unix XDMCP connection, would involve cracking a username and password to gain access to the remote Unix machine. But Brain added that modern Unix and Linux operating systems make it particularly easy to find the user names for remote users.

This means, he said, "it is only necessary to guess the password," which, he added, was not difficult. Users often choose easy-to-remember passwords. Moreover, remote users are more vulnerable to tricks where they inadvertently reveal their passwords to a stranger.

Brain has identified the flaw in all versions of Mandrake Linux before version 8.1 and all versions of Sun Solaris. Brain believes other Unix operating systems could also be affected.

The problem occurs as a result of a poor Unix configuration setting that allows anonymous XDMCP connections. ProCheckUp came across the security flaw during testing of one of its customers' Internet-connected servers. It believes the problem to be a serious vulnerability.

The ProCheckUp technicians were surprised that this existed and performed an initial search for information. They found the last security update covering this weakness was in early 1999.
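
The configuration weakness described above can be checked for on a host. The following is an added example, not code from the article or from ProCheckUp: it assumes a stock xdm install, where the `xdm-config` resource `DisplayManager.requestPort: 0` turns XDMCP off and a bare `*` host pattern in `Xaccess` admits any host. Other display managers use different files, and all file contents and host names here are constructed samples.

```python
# Constructed sample files for a stock xdm install (not from the article).
WEAK_XDM_CONFIG = """\
! xdm-config
DisplayManager.errorLogFile: /var/log/xdm.log
"""
HARDENED_XDM_CONFIG = WEAK_XDM_CONFIG + "DisplayManager.requestPort: 0\n"

WEAK_XACCESS = """\
# Xaccess
*                     # any host can get a login window
* CHOOSER BROADCAST   # any indirect host can get a chooser
"""
HARDENED_XACCESS = "# Xaccess\nadmin-ws.example.internal\n"


def xdmcp_listening(xdm_config):
    """True unless requestPort is 0, which stops xdm listening for XDMCP."""
    for line in xdm_config.splitlines():
        line = line.strip()
        if line.startswith("!") or ":" not in line:
            continue
        name, value = line.split(":", 1)
        if name.strip().lower() == "displaymanager.requestport":
            return value.strip() != "0"
    return True  # no setting: xdm listens on its default, UDP port 177


def wildcard_entries(xaccess):
    """Return Xaccess entries whose host pattern is a bare '*' (every host)."""
    hits = []
    for raw in xaccess.splitlines():
        fields = raw.split("#", 1)[0].split()
        if fields and fields[0] == "*":
            hits.append(" ".join(fields))
    return hits


def audit(xdm_config, xaccess):
    """Findings for one host; an empty list means no anonymous XDMCP exposure."""
    if not xdmcp_listening(xdm_config):
        return []
    return [f"Xaccess lets any host connect: {e!r}" for e in wildcard_entries(xaccess)]


if __name__ == "__main__":
    for name, cfg, acc in [("weak", WEAK_XDM_CONFIG, WEAK_XACCESS),
                           ("hardened", HARDENED_XDM_CONFIG, WEAK_XACCESS)]:
        print(name, audit(cfg, acc) or "no findings")
```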
