Home > Security News > Exploit circulating for Solaris CDE vulnerability
Security News:
EMAIL THIS

Exploit circulating for Solaris CDE vulnerability

By Edward Hurley, Assistant News Editor
16 Jan 2002 | SearchSecurity

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

A known vulnerability in a popular graphical user interface (GUI) for Unix and Linux systems has been exploited on Sun Microsystems' Solaris operating system and users should patch their systems.

FOR MORE INFORMATION
Click here for CERT's advisory on the exploit

CERT's original advisory on the vulnerability and links to patches

searchSecurity has the Best Web Links on securing Unix and Linux platforms

The Computer Emergency Response Team (CERT) announced Wednesday that someone has exploited a buffer-overflow vulnerability in the library function used by the CDE Subprocess Control Service. The vulnerability can allow an attacker to gain complete control of the system.

"It's pretty simple to find, just a matter of scanning for the service," said Art Manion, an Internet security analyst with CERT.

The Common Desktop Environment (CDE) is a popular graphical user interface for Unix systems from companies including Hewlett-Packard, Sun Microsystems, IBM and Digital Equipment Corp. (now owned by Compaq). CDE comes installed and enabled by default on most Unix systems.

The CDE Subprocess Control Service (dtspcd), according to a CERT advisory, is a network daemon that accepts remote requests to execute commands and launch applications. CERT adds that on CDE systems, dtspcd is spawned by the Internet services daemon (inetd or xinetd) in response to a CDE client request. Dtspcd is typically configured to run on port 6112/tcp with root privileges, CERT said. Network administrators are advised to monitor activity on this port, used by many Internet-enabled games, for legitimacy, CERT said.

CERT has known about the buffer overflow vulnerability, a fairly common one in software, since 1999 but this is the first time it has heard that its been exploited. Last November, CERT released an advisory warning CDE users of the buffer overflow problem.

The Honeynet Project recently found someone exploited the vulnerability in one of its Solaris systems. The Project maintains systems as targets to hackers to learn more about their techniques.

Users should consider patching their systems as finding the vulnerability is just a mattering of scanning for the port used by the Subprocess Control Service, Manion said. Packet-filtering technology such as a firewall can also be used to block or restrict access outsiders from accessing the port.



Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


More Tips to Secure Your Network
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts