X
Business
Home Business Developer

CERT warns on Sun server flaw

The latest CERT advisory has warned of a serious vulnerability in the RaQ 4 Server appliance
Written by Patrick Gray, Contributor

Users of Sun's RaQ 4 Server appliance have been warned in the latest CERT advisory of a serious vulnerability affecting the units.

"A remotely exploitable vulnerability has been discovered in Sun Cobalt RaQ 4 Server Appliances... may allow remote attackers to execute arbitrary code with superuser privileges," the CERT advisory said.

Ironically the vulnerability only affects Raq 4 units with Sun's Security Hardening Patch (SHP) installed on them.

Perhaps of most concern is the fact that a technique for exploiting this vulnerability has already been developed, and the relevant code has been made available to the public. It's been available from the SecuriTeam Web site since Saturday.

"An exploit is publicly available and may be circulating," the advisory said.

The CERT Advisory contains a link to Sun's instructions on how to remove the SHP; however, the link retrieves an "error opening document" message. The link to the "SHP Removal patch" is working.

CERT had made their "vulnerability notes" about the RaQ 4 unit public as far back as the 5th of December, however the full-blown advisory was not published until yesterday.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.

Have your say instantly, and see what others have said. Go to the Security forum.

Let the editors know what you think in the Mailroom.

Editorial standards
Show Comments

Related

Logitech Mevo Core Streaming camera on a tripod on set

I fly 10 times a year. These 5 tech gadgets are lifesavers

West Virginia bridge in spring time

4 ways to connect to the internet for less after the Affordable Connectivity Program expires

Copilot in enterprise hero images

How one company's employees use Microsoft Copilot to avoid the worst part of meetings