Sun Microsystems Solaris hole opening way for hackers

CNet News.com ^ | January 15, 2002, 5:30 p.m. PT | Robert Lemos

[go star go]

Online vandals are using a two-month-old security hole in Sun Microsystems' Solaris operating system to break into servers on the Internet, a security expert said Tuesday.

maybe you'd like to read the first sentence of this post. it says that solaris has a two month hole in it. it does not say they created the hole.

[Michael Barnes]

If I am looking at the same patch that is mentioned in the article, the patch is over a month old already (Sun Patch). If the above doc is speaking of the CDE overflow, umm...who the hell runs X on a 'net connected server?!!!

[Dominic Harr]

The problem is based on error handling routines called exceptions.

We so agree.

In Java, all exceptions must be handled. No choice. C# decided to leave that out, and allows this kind of problem to persist. They have 'experts' who convinced MS that this wasn't a problem.

What do you think -- did C# make a mistake?

[Bush2000]

You'd be even more shocked if you actually READ what the HoneyNet Project was about instead of spreading the misinformation you are engaging in.

Material facts: Sun Solaris has a 2-month old security hole. Hackers can exploit that hole now -- today. The motive of who found it is irrelevant.

[Dominic Harr]

If the above doc is speaking of the CDE overflow, umm...who the hell runs X on a 'net connected server?!!!

Answer -- this was a project specifically set up for this purpose: The Honeynet Project--a group of experts in computer security, information intelligence and psychology--unveiled Thursday its plans for improving "honeynets," collections of computers designed to let hackers break into a false network while allowing investigators to watch their every move.

The title, in fact, the entire piece, is just more dis-information. No working servers were hacked. There is no evidence that this has been done to anything other than a honeypot. This vulnerability has in fact been known since 1999, and was patched. This machine was left open *on purpose*.

This was a story about the honey pot. Some people are trying to use that to confuse people.

[Michael Barnes]

What exactly is the hole Bush2000? I believe it is the login buffer overflow, but am not certain (article is very vague), if so, a patch was issued on Dec. 13. Is this what the document above is pertaining to?

I also see on CERT's page that a CDE exploit has been found; speaking from experience, I NEVER run X on any border (cell) machine.

[Dominic Harr]

This was a machine set up to be hacked on purpose. That's what the HoneyPots are. The hole in CDE has been known since 1999, and was patched. This group specifically left an unpatched machine available with a known exploit to try and catch a hacker.

That's what the HoneyNet project *does*.

The Honeynet Project--a group of experts in computer security, information intelligence and psychology--unveiled Thursday its plans for improving "honeynets," collections of computers designed to let hackers break into a false network while allowing investigators to watch their every move.

[Michael Barnes]

I've run honeypot's before with mediocre security simply to monitor what attacks were coming in. I'm trying to discern what the "hole" is, or is it a matter of wording that is being exploited in this thread. Is it really a two month hole, or is it the hole two months old that has had a patch already issued. If that is the case, it's the sysadmin's fault.

[Michael Barnes]

sub-note: I know, honey-pots are purpously left open to entice hackers to attack....

[Bush2000]

In Java, all exceptions must be handled. No choice. C# decided to leave that out, and allows this kind of problem to persist.

Here's a comment from Bruce Eckel, author of Essential Java and Essential C++ regarding this same issue:

"I began seeing the same kind of code, and realized people were stubbing out exceptions and then they were disappearing. The overhead of checked exceptions was having the opposite effect of what was intended, something that can happen when you experiment (and I now believe that checked exceptions were an experiment based on what someone thought was a good idea, and which I believed was a good idea until recently)."

[Dominic Harr]

It's a hole from 1999, that was patched.

The CERT advisory:

This vulnerability was first reported to us in March 1999

[Bush2000]

Hey man, let it go. We dont have to stoop to this. Heaven forbid you give Dominic some moral equivency.....Reasonable people know that EVERY system has bugs.

But we're not talking about "reasonable people", are we? ;-)

[rdb3]

umm...who the hell runs X on a 'net connected server?!!!

You asked the question that I had in mind. The only other thing I can think of is using X for piranha.

[Bush2000]

The title, in fact, the entire piece, is just more dis-information. No working servers were hacked. There is no evidence that this has been done to anything other than a honeypot. This vulnerability has in fact been known since 1999, and was patched. This machine was left open *on purpose*.

Since when has the lack of actual, real-life examples of hacked servers ever stopped you from attacking MS?

[Michael Barnes]

If that is the case, then reading "Online vandals are using a two-month-old security hole " invalidates the article.

Thanks for the link...

[Bush2000]

Here's the CERT link from the article: http://www.cert.org/advisories/CA-2002-01.html. It appears to be new and different from links you've posted previously.

[Dominic Harr]

If that is the case, then reading "Online vandals are using a two-month-old security hole " invalidates the article.

I'd say the entire article is a joke. They completely ignore the context.

The real story here is that a HoneyPot actually worked, and caught a hacker using a known exploit.

But *some* people use FR for Clintonista-style disinformation, as a break from their posting of MS press releases.

[Michael Barnes]

I have little exposer to piranha; however, reading some of your other posts before, I imagine you do. Does piranha rely on some lib's within CDE/X?

[Dominic Harr]

From the first line of the what you posted:

The CERT/CC has received credible reports of scanning and exploitation of Solaris systems running the CDE Subprocess Control Service buffer overflow vulnerability identified in CA-2001-31 and discussed in VU#172583.

I linked to the CA-2001-31 -- the previous mention of this exploit.