Solaris hole opening way for hackers
Source: CNet News
Online vandals are using a two-month-old security hole in Sun Microsystems' Solaris operating system to break into servers on the Internet, a security expert said Tuesday.
Researchers witnessed the attack when one intruder broke into a Solaris server under intense observation as part of the Honeynet Project, an initiative to develop ways to turn spare computers into digital fly traps to study and document actual Internet attacks.
"One of our honey pots got whacked with it," said Lance Spitzner, project manager for the Honeynet Project. "As far as we know, it was the first time we saw (this flaw) used in the wild."
The flaw, commonly referred to as a "buffer overflow," allows a specially crafted packet of Internet data to cause a computer to give an online vandal full access to its capabilities. In this particular instance, a component of Solaris used to remotely run applications contained a buffer overflow, and an attacker found the weakness, Spitzner said.
"The bad guy accessed our system, downloaded a back door, and made it so he could log in anytime he wanted," he said. "Then, he logged in a couple days later and loaded a denial-of-service tool to attack several online chat servers."