May 3, 2002 — (WEB HOST INDUSTRY REVIEW) — The CERT Coordination Center at Carnegie Mellon University (Cert.org), which provides technical advice and coordinates responses to Internet security issues, said this week it had found a security vulnerability that affects Sun Solaris versions 2.5.1, 2.6, 7, and 8.
The potential security gap is a format string vulnerability in the rwall daemon, a utility that is used to listen for wall requests on a network. The vulnerability could potentially allow hackers to execute code in Solaris. CERT said the vulnerability could be exploited both locally and remotely, “although remote exploitation is significantly more difficult,” an advisory from CERT said.
CERT also said that other UNIX-based versions adopted by vendors that include IBM, Hewlett Packard and Compaq were not vulnerable.
