Security hole in Sun Solaris left unpatched for months
Sun Microsystems has reported a vulnerability allowing logged-in users to crash or compromise a Solaris system, some six months after the problem first became apparent. The bug is an off-by-one buffer overflow in the inet_network
function in the libsocket
and libresolv
libraries as well as the libc.so.1.9
and libc.so.2.9
SunOS 4.x binary compatibility libraries in Solaris. The function resolves IP addresses into plain text names and vice versa.
All applications which use the vulnerable library are affected. In principle, the hole may also be exploited remotely if a network application submits parameters entered remotely to the function without further checks.
Sun has so far not provided a fix or suggested a workaround. Other vendors including IBM, Suse, Red Hat and ISC(BIND) have fixed this problem in their own systems some time ago.
See also:
- Security Vulnerability in inet_network() Library Routine May Allow Denial of Service (DoS) to Applications, Sun Microsystems security advisory
(mba)