/>
X

Solaris bug gives hackers free rein

Printer daemon contains glitch that could allow attackers to gain root-level access and execute malicious code
zd-defaultauthor-matthew-broersma.jpg
Written by Matthew Broersma on

Researchers have discovered a bug that could give hackers unlimited access to any machine running Sun's Unix operating system, Solaris.

The bug, discovered by security consultancy ISS X-Force, affects a utility designed to give remote users access to a local printer. The line printer daemon (in.lpd), as it is called, contains a flaw in the "transfer job" routine that could allow hackers to overflow an unchecked buffer, a common means of gaining unauthorised access to a computer.

Hackers could exploit the flaw to crash the printer daemon or execute malicious code with system administrator privileges, according to X-Force. The printer software is installed by default on all Solaris systems.

Sun says it is working on a fix, which will be available next month, and X-Force recommends the software be turned off until the patch is available.

Solaris runs on Sun Microsystems and Intel hardware, and is the dominant operating system for high-end Internet servers.

Is your PC safe? Find out in ZDNet UK's Viruses and Hacking News Section.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.

Related

Why you should really stop charging your phone overnight
iphone-charging.jpg

Why you should really stop charging your phone overnight

iPhone
Samsung phone deal: Get the Galaxy S22 Ultra for $299
1296x729-29

Samsung phone deal: Get the Galaxy S22 Ultra for $299

Smartphones
The best iPhone deals available right now: July 2022
iphone 12 vs iphone 11 cnet.jpg

The best iPhone deals available right now: July 2022

iPhone