Sun Microsystems Solaris hole opening way for hackers
CNet News.com | January 15, 2002, 5:30 p.m. PT | Robert Lemos
Posted on 01/15/2002 4:54:37 PM PST by Bush2000
To: Harley - Mississippi
Online vandals are using a two-month-old security hole in Sun Microsystems' Solaris operating system to break into servers on the Internet, a security expert said Tuesday.
Maybe you'd like to read the first sentence of this post. It says that Solaris has a two month hole in it. It does not say they created the hole.
To: go star go
If I am looking at the same patch that is mentioned in the article, the patch is over a month old already (Sun Patch). If the above doc is speaking of the CDE overflow, umm...who the hell runs X on a 'net connected server?!!!
To: Common Tator
The problem is based on error handling routines called exceptions.
We so agree.
In Java, all exceptions must be handled. No choice. C# decided to leave that out, and allows this kind of problem to persist. They have 'experts' who convinced MS that this wasn't a problem.
What do you think -- did C# make a mistake?
Comment #24 Removed by Moderator
To: Harley - Mississippi
You'd be even more shocked if you actually READ what the HoneyNet Project was about instead of spreading the misinformation you are engaging in.
Material facts: Sun Solaris has a 2-month old security hole. Hackers can exploit that hole now -- today. The motive of who found it is irrelevant.
25 posted on 01/15/2002 6:57:49 PM PST by Bush2000
To: unix
If the above doc is speaking of the CDE overflow, umm...who the hell runs X on a 'net connected server?!!!
Answer -- this was a project specifically set up for this purpose:
The Honeynet Project--a group of experts in computer security, information intelligence and psychology--unveiled Thursday its plans for improving "honeynets," collections of computers designed to let hackers break into a false network while allowing investigators to watch their every move.
The title, in fact, the entire piece, is just more dis-information. No working servers were hacked. There is no evidence that this has been done to anything other than a honeypot. This vulnerability has in fact been known since 1999, and was patched. This machine was left open *on purpose*.
This was a story about the honey pot. Some people are trying to use that to confuse people.
To: Bush2000
What exactly is the hole Bush2000? I believe it is the login buffer overflow, but am not certain (article is very vague), if so, a patch was issued on Dec. 13. Is this what the document above is pertaining to?
I also see on CERT's page that a CDE exploit has been found; speaking from experience, I NEVER run X on any border (cell) machine.
To: All
To: Dominic Harr
I've run honeypots before with mediocre security simply to monitor what attacks were coming in. I'm trying to discern what the "hole" is, or is it a matter of wording that is being exploited in this thread. Is it really a two month hole, or is it the hole two months old that has had a patch already issued. If that is the case, it's the sysadmin's fault.
To: unix
sub-note: I know, honey-pots are purposely left open to entice hackers to attack....
To: Dominic Harr, Common Tator
In Java, all exceptions must be handled. No choice. C# decided to leave that out, and allows this kind of problem to persist.
Here's a comment from Bruce Eckel, author of Essential Java and Essential C++ regarding this same issue:
"I began seeing the same kind of code, and realized people were stubbing out exceptions and then they were disappearing. The overhead of checked exceptions was having the opposite effect of what was intended, something that can happen when you experiment (and I now believe that checked exceptions were an experiment based on what someone thought was a good idea, and which I believed was a good idea until recently)."
31 posted on 01/15/2002 7:07:43 PM PST by Bush2000
To: unix
To: innocentbystander
Hey man, let it go. We don't have to stoop to this. Heaven forbid you give Dominic some moral equivalency.....Reasonable people know that EVERY system has bugs.
But we're not talking about "reasonable people", are we? ;-)
33 posted on 01/15/2002 7:09:27 PM PST by Bush2000
To: unix
umm...who the hell runs X on a 'net connected server?!!!
You asked the question that I had in mind. The only other thing I can think of is using X for piranha.
34 posted on 01/15/2002 7:09:36 PM PST by rdb3
To: Dominic Harr
The title, in fact, the entire piece, is just more dis-information. No working servers were hacked. There is no evidence that this has been done to anything other than a honeypot. This vulnerability has in fact been known since 1999, and was patched. This machine was left open *on purpose*.
Since when has the lack of actual, real-life examples of hacked servers ever stopped you from attacking MS?
35 posted on 01/15/2002 7:11:02 PM PST by Bush2000
To: Dominic Harr
If that is the case, then reading "Online vandals are using a two-month-old security hole" invalidates the article.
Thanks for the link...
To: unix, Dominic Harr
37 posted on 01/15/2002 7:13:45 PM PST by Bush2000
To: unix
If that is the case, then reading "Online vandals are using a two-month-old security hole" invalidates the article.
I'd say the entire article is a joke. They completely ignore the context.
The real story here is that a HoneyPot actually worked, and caught a hacker using a known exploit.
But *some* people use FR for Clintonista-style disinformation, as a break from their posting of MS press releases.
To: rdb3
I have little exposure to piranha; however, reading some of your other posts before, I imagine you do. Does piranha rely on some libs within CDE/X?
To: unix
From the first line of what you posted:
The CERT/CC has received credible reports of scanning and exploitation of Solaris systems running the CDE Subprocess Control Service buffer overflow vulnerability identified in CA-2001-31 and discussed in VU#172583.
I linked to the CA-2001-31 -- the previous mention of this exploit.