New Vulnerabilities Flare in Sun Solaris

Sun and other researchers report the discovery of new flaws in the Sun operating system

Note to Sun Solaris users: Do you know who's been in your directory?

Two new vulnerabilities have been discovered in Sun Solaris since last Wednesday that could enable unauthorized users to play in the operating system's directory.

Last Thursday, Sun quietly published an alert that a flaw in the Solaris 9 in.ftpd server may allow unprivileged users access to directories outside of their home directory or to log in with their home directory set to "/". Sun offered a workaround to disable the affected application process, but a final patch has not yet been developed.

Sun's reported vulnerability applies only to Solaris 9 -- Solaris 8 and 10 are not affected. But on the day before Sun issued its alert, the U.S. Department of Energy's Computer Incident Advisory Capability (CIAC) reported a flaw in directory security that applies to all three versions of the Sun OS.

The CIAC report states that a user might be able to gain unauthorized administrative access to Sun's Java System Directory Server 5.2 by simply logging in to the Directory Server console. The problem is considered to be low danger, because it can be quickly resolved by changing administrative passwords on the directory server.

Experts say the vulnerabilities shouldn't be taken lightly, especially because Solaris is often seen as a "safe" OS and is frequently used in financial and other mission-critical systems. "This showcases that even the most secure platforms have exposures -- and often, it takes some time to discover them," says Rob Enderle, principal analyst at Enderle Group, an IT consultancy.

Sun also is taking a chance by issuing an alert on a vulnerability that hasn't yet been permanently patched, Enderle observes. An alert such as Sun's "makes it a race between those who need to correct the problem and those who want to take advantage of it. Firms like Sun have no real choice right now but to disclose problems in this way, but, in the future, we need a better way to do the notification so that it doesn't become a catalyst for successful exploits."

The directory vulnerabilities aren't the only flaws that have been discovered in Solaris this month. On May 9, the Australian Computer Emergency Response Team reported that a problem in the "libike" library of Solaris 9 and Solaris 10 could allow a remote user to launch a denial-of-service attack on Sun servers by crashing the in.iked daemon. Sun released patches for both operating systems to close the hole.

— Tim Wilson, Site Editor, Dark Reading

Organizations mentioned in this story

  • Australian Computer Emergency Response Team
  • Enderle Group
  • Sun Microsystems Inc. (Nasdaq: SUNW)

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ...