CERT: Hackers exploiting hole in Solaris
Source: InfoWorld
L33tdawg: The CERT/CC advisory is here.
Hackers are actively exploiting a known vulnerability in Sun Microsystems' Solaris version of the Unix operating system, security experts said late Monday, urging administrators to check if their system is vulnerable. The U.S.-government funded Computer Emergency Response Team/Coordination Center (CERT/CC) at Carnegie Mellon University in Pittsburgh said in an advisory that it had received "credible reports" of an exploit for Solaris systems.
The exploit takes advantage of a buffer overflow vulnerability that was first discovered in March 1999. The flaw in a library function used by the CDE (Common Desktop Environment) could allow an attacker to take full control over the system, CERT/CC said. CERT/CC advises administrators to check if a system is configured to run dtspcd by looking for the entries "dtspc 6112/tcp" in "/etc/services" and "dtspc stream tcp nowait root /usr/dt/bin/dtspcd /usr/dt/bin/dtspcd" in "/etc/inetd.conf"