Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

New Vulnerabilities Flare in Sun Solaris

Sun and other researchers report the discovery of new flaws in the Sun operating system

Note to Sun Solaris users: Do you know who's been in your directory?

Two new vulnerabilities have been discovered in Sun Solaris since last Wednesday that could enable unauthorized users to play in the operating system's directory.

Last Thursday, Sun quietly published an alert that a flaw in the Solaris 9 in.ftpd server may allow unprivileged users access to directories outside of their home directory or to log in with their home directory set to "/". Sun offered a workaround to disable the affected application process, but a final patch has not yet been developed.

Sun's reported vulnerability applies only to Solaris 9 -- Solaris 8 and 10 are not affected. But on the day before Sun issued its alert, the U.S. Department of Energy's Computer Incident Advisory Capability (CIAC) reported a flaw in directory security that applies to all three versions of the Sun OS.

The CIAC report states that a user might be able to gain unauthorized administrative access to Sun's Java System Directory Server 5.2 by simply logging in to the Directory Server console. The problem is considered to be low danger, because it can be quickly resolved by quickly changing administrative passwords on the directory server.

Experts say the vulnerabilities shouldn't be taken lightly, especially because Solaris is often seen as a "safe" OS and is frequently used in financial and other mission-critical systems. "This showcases that even the most secure platforms have exposures -- and often, it takes some time to discover them," says Rob Enderle, principal analyst at Enderle Group, an IT consultancy.

Sun also is taking a chance by issuing an alert on a vulnerability that hasn't yet been permanently patched, Enderle observes. An alert such as Sun's "makes it a race between those who need to correct the problem and those who want to take advantage of it. Firms like Sun have no real choice right now but to disclose problems in this way, but, in the future, we need a better way to do the notification so that it doesn't become a catalyst for successful exploits."

The directory vulnerabilities aren't the only flaws that have been discovered in Solaris this month. On May 9, the Australian Computer Emergency Response Team reported that a problem in the "libike" library of Solaris 9 and Solaris 10 could allow a remote user to make a denial-of-service attack on Sun servers by crashing the in.iked daemon. Sun released patches for both operating systems to close the hole.

— Tim Wilson, Site Editor, Dark Reading

Organizations mentioned in this story

  • Australian Computer Emergency Response Team

  • Enderle Group
  • Sun Microsystems Inc. (Nasdaq: SUNW)

    Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 4/7/2020
    The Coronavirus & Cybersecurity: 3 Areas of Exploitation
    Robert R. Ackerman Jr., Founder & Managing Director, Allegis Capital,  4/7/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Write a Caption, Win a Starbucks Card! Click Here
    Latest Comment: This comment is waiting for review by our moderators.
    Current Issue
    6 Emerging Cyber Threats That Enterprises Face in 2020
    This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
    Flash Poll
    State of Cybersecurity Incident Response
    State of Cybersecurity Incident Response
    Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2019-20637
    PUBLISHED: 2020-04-08
    An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connecti...
    CVE-2020-11650
    PUBLISHED: 2020-04-08
    An issue was discovered in iXsystems FreeNAS 11.2 and 11.3 before 11.3-U1. It allows a denial of service.
    CVE-2020-11653
    PUBLISHED: 2020-04-08
    An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss.
    CVE-2020-2732
    PUBLISHED: 2020-04-08
    A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest.
    CVE-2020-1627
    PUBLISHED: 2020-04-08
    A vulnerability in Juniper Networks Junos OS on vMX and MX150 devices may allow an attacker to cause a Denial of Service (DoS) by sending specific packets requiring special processing in microcode that the flow cache can't handle, causing the riot forwarding daemon to crash. By continuously sending ...