[ale] Solaris Vulnerability

Jonathan Glass jonathan.glass at ibb.gatech.edu
Thu Jan 23 06:31:29 EST 2003


Solaris Flaw Opens Door for Hackers 
Source: EWeek.com 
Date Written: January 22, 2003 
Date Collected: January 22, 2003

Entercept Security technology reports a security flaw in Sun's Solaris
operating system that would allow an attacker to access any file and
obtain root privileges on a vulnerable machine. The flaw affects
versions 2.5.1, 2.6, 2.7, 2.8, and 2.9 running on Sparc or Intel based
servers. The flaw lies in the Kodak Color Management System service
demon which enables library functions to access profiles on remote
machines. Because the KCMS server runs with root privileges, an attacker
who is able to exploit this vulnerability would have complete control of
the machine and could access any file of choice. Sun will release a
patch 22 January.

http://www.eweek.com/article2/0,3959,840818,00.asp
-- 
Jonathan Glass
Systems Support Specialist II
Institute for Bioengineering & Bioscience
Georgia Institute of Technology
404.385.0127

_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale






More information about the Ale mailing list