LONDON--Researchers have discovered a bug that could give hackers unlimited access to any machine running Sun's Unix operating system, Solaris. The bug, discovered by security consultancy ISS X-Force, affects a utility designed to give remote users access to a local printer. The line printer daemon (in.lpd), as it is called, contains a flaw in the "transfer job" routine that could allow hackers to overflow an unchecked buffer, a common means of gaining unauthorized access to a computer. Hackers could exploit the flaw to crash the printer daemon or execute malicious code with system administrator privileges, according to X-Force. The printer software is installed by default on all Solaris systems.
Sun says it is working on a fix, which will be available next month, and X-Force recommends the software be turned off until the patch is available. Solaris runs on Sun Microsystems and Intel hardware, and is the dominant operating system for high-end Internet servers.
Staff writer Matthew Broersma reported from London.
Be respectful, keep it clean and stay on topic. We delete comments that violate our policy, which we encourage you to read. Discussion threads can be closed at any time at our discretion.