Unix bug returns from beyond the grave

Cliff Saran
A four-year-old security bug has come back to haunt Unix users, according to independent security specialist ProCheckUp.

The firm discovered that, using a command built into the vast majority of Unix boxes, an intruder could obtain a remote console identical to a local X-Windows session. In effect, "Remote connections [to the server] are enabled," said Richard Brain, ProCheckUp technical director.

The attack, based on the Unix XDMCP connection, would involve cracking a username and password to gain access to the remote Unix machine. But Brain added that modern Unix and Linux operating systems make it particularly easy to find the user names for remote users.

This means, he said, "it is only necessary to guess the password," which, he added, was not difficult. Users often choose easy-to-remember passwords. Moreover, remote users are more vulnerable to tricks where they inadvertently reveal their passwords to a stranger.

Brain has identified the flaw in all versions of Mandrake Linux before version 8.1 and all versions of Sun Solaris. Brain believes other Unix operating systems could also be affected.

The problem occurs as a result of a poor Unix configuration setting that allows anonymous XDMCP connections. ProCheckUp came across the security flaw during testing of one of its customers' Internet-connected servers. It believes the problem to be a serious vulnerability.
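The configuration weakness described above, as an added example that is not from the article or from ProCheckUp: a POSIX shell audit of the classic XDM files. It assumes the traditional xdm layout, where `DisplayManager.requestPort: 0` in `xdm-config` turns the XDMCP listener off and a bare `*` entry in `Xaccess` grants any host a login window or chooser; GDM and KDM carry the equivalent switch in an `[xdmcp]` section of their own configuration files. The sample files are constructed here so the script runs offline.

```shell
#!/bin/sh
# Added example: audit classic XDM configuration for anonymous XDMCP exposure.
# Assumes the traditional xdm layout (xdm-config + Xaccess). GDM and KDM keep the
# equivalent switch (Enable=false) in an [xdmcp] section of their own files.

# Print "EXPOSED" when the XDMCP listener is left on (requestPort not 0) and
# Xaccess contains a bare "*" entry admitting any host; print "ok" otherwise.
xdmcp_audit() {
    xdm_config="$1"
    xaccess="$2"
    # Effective requestPort: the last uncommented setting wins; when it is unset
    # the compiled-in default of 177/udp applies, i.e. XDMCP is listening.
    port=$(sed -n 's/^DisplayManager[.*]requestPort:[[:space:]]*\([0-9]*\).*/\1/p' "$xdm_config" | tail -n 1)
    [ -z "$port" ] && port=177
    if [ "$port" = "0" ]; then
        echo "ok"            # listener disabled; Xaccess no longer matters
        return 0
    fi
    # A non-comment Xaccess line that is "*" alone, or "*" followed by options
    # such as "* CHOOSER BROADCAST", admits every host. "*.example.com" does not match.
    if grep -Eq '^[[:space:]]*\*([[:space:]]|$)' "$xaccess"; then
        echo "EXPOSED"
    else
        echo "ok"
    fi
}

# Constructed sample files (not taken from any real host) so the audit runs offline.
SAMPLE_DIR=$(mktemp -d)
WEAK_XDM="$SAMPLE_DIR/xdm-config.weak"
WEAK_XACCESS="$SAMPLE_DIR/Xaccess.weak"
HARD_XDM="$SAMPLE_DIR/xdm-config.hardened"
HARD_XACCESS="$SAMPLE_DIR/Xaccess.hardened"
RESTRICTED_XACCESS="$SAMPLE_DIR/Xaccess.restricted"

# Weak: the port setting is commented out ("!" is the comment character), so the
# listener stays on, and Xaccess lets any host request a login window or chooser.
cat > "$WEAK_XDM" <<'EOF'
DisplayManager.errorLogFile:    /var/log/xdm.log
! DisplayManager.requestPort:   0
EOF
printf '*\n*   CHOOSER BROADCAST\n' > "$WEAK_XACCESS"

# Hardened: the listener is switched off outright.
cat > "$HARD_XDM" <<'EOF'
DisplayManager.errorLogFile:    /var/log/xdm.log
DisplayManager.requestPort:     0
EOF
printf '*.example.com\n' > "$HARD_XACCESS"

# Restricted: listener still on, but Xaccess names a host pattern instead of "*".
printf '*.example.com\n' > "$RESTRICTED_XACCESS"

echo "weak config:       $(xdmcp_audit "$WEAK_XDM" "$WEAK_XACCESS")"
echo "hardened config:   $(xdmcp_audit "$HARD_XDM" "$HARD_XACCESS")"
echo "restricted config: $(xdmcp_audit "$WEAK_XDM" "$RESTRICTED_XACCESS")"
```

On a live host, run `xdmcp_audit` against the real `/etc/X11/xdm/xdm-config` and `/etc/X11/xdm/Xaccess`, and confirm the result against what is actually bound on UDP port 177 (for example with `netstat -an`), since a display manager other than xdm may be the one listening.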

The ProCheckUp technicians were surprised that this existed and performed an initial search for information. They found the last security update covering this weakness was in early 1999.
