Attackers could get full access to servers running Unix versions supplied by Sun Microsystems and IBM because of a security hole in the login program of the operating system, experts warned Wednesday.
A buffer overflow flaw exists in the Unix login program, which authenticates access to the system by usernames and passwords. Because the login program is also used by two programs accessible remotely, telnet and rlogin (remote login), the flaw can be exploited even by those who do not have direct access to the system, experts at Internet Security Systems Inc. (ISS) and the Computer Emergency Response Team/Coordination Center (CERT/CC) said in separate statements.
Systems are only vulnerable if telnet, rlogin and other terminal connection services that use login for authentication are enabled, which they usually are by default, according to ISS.
Attackers can exploit the vulnerability to gain superuser privileges or root access to the server, the highest privilege level on Unix systems, allowing the attacker to execute arbitrary commands.
A software tool, or exploit, to compromise systems running the affected operating systems has been made public, according to ISS.
ISS and CERT/CC advise system administrators to install Secure Shell (SSH), a secure alternative to telnet and rlogin, and disable default terminal connection services until the software can be patched. Sun and IBM have software fixes available, according to CERT/CC.
Sun's Solaris 8 and earlier versions, and IBM's AIX versions 4.3 and 5.1, are affected. Other systems derived from the same code base, Unix System V, could also be vulnerable, CERT/CC said. Hewlett-Packard Co. told CERT/CC that its HP-UX is not exploitable.