To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/security/0,39024655,11033789,00.htm

Solaris faces hacker threat
Darn that buffer overflow...

By Joey Gardiner

Published: Thursday 06 June 2002

Security firm Entercept has discovered serious vulnerabilities in Sun Microsystems' Solaris operating system that could allow a hacker to execute code of his or her choice on a Solaris machine.

The vulnerabilities are a buffer overflow exploit in SNMP (Simple Network Management Protocol) components in the OS, and a format string vulnerability in the same component.

Buffer overflow problem occur when you can cause a computer's security to fail by overloading the machine with data. A format string vulnerability comes when a hacker can manipulate the format of basic computer functions.

Sun has issued patches for the problems for Solaris 8, 7, 2.6 and 5.6, 5.7, 5.8. However, it claims the vulnerability only affects Solaris versions 5.6, 5.7 and 5.8.