Flaw opens door in Windows, Mac, Linux
A buffer overflow glitch in common communications software could let hackers crash systems, execute malicious code or steal sensitive information, the CERT security center warns.
 | ||||
| | | ||
| Related story Hacking their image  Underground school tries to reprogram reputation | | ||
| ||||
| ||||
The Computer Emergency Response Team (CERT) Coordination Center, a security network based at Carnegie Mellon University, warned on Tuesday that systems using the affected code should immediately apply patches or disable the affected services.
A function in Sun's XDR library contains an integer overflow that can lead to buffer overflows, according to CERT security researchers Jeffrey Havrilla and Cory Cohen. These buffer overflows can allow an attacker to crash a system, execute malicious code or steal sensitive information, Havrilla and Cohen said.
The problem also affects the administration system of Kerberos 5, a widely used network security tool, which could allow attackers to gain control of Kerberos Key Distribution Center authentication functions. This could allow an attacker to gain false authentication with other services. Kerberos is included in Windows 2000.
The MIT Kerberos development team issued a warning and patch on its Web site.
Apple Computer confirmed that its Mac OS X operating system contains the vulnerability, which has been fixed through a recent security advisory, available through the software's automatic update mechanism.
Several sellers of Unix and Unix-like operating systems, including Red Hat, Debian, FreeBSD, Sun and NetBSD, said that their software was affected by the issue, and issued fixes. HP said it was investigating the bug's impact.
Microsoft said it is still investigating how Windows is affected by the problem.
The relevant patches are available from the companies' Web sites, or through the CERT advisory on its Web site.