CERT: Disable Solaris remote wall or risk a hacker getting root access


Users have been urged to switch off a feature of their Sun Solaris systems to avoid a back-door hacking attack that could give an attacker full control, or root access, of the system.

In a security advisory, the US government-funded Computer Emergency Response Team/Coordination Center (CERT/CC) at Carnegie Mellon University recommended that users disable the Unix rwall (remote wall) utility.

CERT recommended that users disable rpc.rwalld in the configuration file "inetd.conf" as a temporary measure until Sun releases a security patch.
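One way to check for and apply this workaround, as an added example that is not taken from the advisory or this article. The sample entries are constructed in Solaris inetd.conf style and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit an inetd.conf for an enabled rpc.rwalld entry and
# produce a copy with that entry commented out. Function names are hypothetical.

# Constructed sample in Solaris inetd.conf style (not taken from a real host).
sample_conf() {
cat <<'EOF'
# constructed sample entries
rusersd/2-3 tli rpc/datagram_v,circuit_v wait root /usr/lib/netsvc/rusers/rpc.rusersd rpc.rusersd
walld/1 tli rpc/datagram_v wait root /usr/lib/netsvc/rwall/rpc.rwalld rpc.rwalld
#sprayd/1 tli rpc/datagram_v wait root /usr/lib/netsvc/spray/rpc.sprayd rpc.sprayd
EOF
}

# Print every active (uncommented) line that launches rpc.rwalld.
rwalld_active() {
    awk '!/^[ \t]*#/ && /rpc\.rwalld/' "$1"
}

# Succeed (exit 0) if the file still has an active rpc.rwalld entry.
rwalld_enabled() {
    [ -n "$(rwalld_active "$1")" ]
}

# Write the config to stdout with active rpc.rwalld lines commented out.
# Lines that are already comments are left untouched.
rwalld_disable() {
    sed '/^[[:space:]]*#/!s/^\(.*rpc\.rwalld.*\)$/#\1/' "$1"
}

# Demo on the constructed sample. On a real host, review the output, install it
# as inetd.conf, then send inetd a SIGHUP so it re-reads its configuration.
conf=$(mktemp)
sample_conf > "$conf"
if rwalld_enabled "$conf"; then
    echo "rpc.rwalld is enabled:"
    rwalld_active "$conf"
    echo "--- proposed inetd.conf ---"
    rwalld_disable "$conf"
else
    echo "rpc.rwalld is not enabled"
fi
rm -f "$conf"
```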

Hackers can potentially exploit a format string vulnerability in remote wall requests in order to execute arbitrary code in Solaris. The rwall utility listens for "wall" requests, which are used to send messages to terminals using a time-sharing system. CERT Advisory CA-2002-10 warns that it contains a format string vulnerability that could permit a hacker to get into the system by executing code with the privileges of the wall daemon, usually root.

By exhausting system resources, a hacker can cause the rwall utility to generate an error message; the format string vulnerability is in the code that displays the error message.

CERT said the problem appears to be limited to Sun's Solaris versions 2.5.1, 2.6, 7, and 8 of the Unix operating system. Other Unix systems are unaffected.

The CERT/CC advisory can be found at www.cert.org/advisories/CA-2002-10.html.
