---

NY Times: Security Flaw Is Discovered in Several Unix Programs

“A leading computer security group is reporting a significant
rise in potentially dangerous attacks that exploit security holes
in programs shipped with the Unix operating system.”

“The full extent of the damage might not yet be evident — and
may not be for some time — because the attacks, when successful,
give those cracking into a network what is known as “root access,”
basically complete control over the server.”

“… a wide range of organizations, from small companies to
universities and large corporations, reported being attacked last
week.”

“While the attacks did some mischief, like altering Web pages,
Todd said he had not seen any serious damage so far.”

“The attacks primarily exploit software that manages an
appointment calendar program that is shipped with Unix operating
systems from makers of powerful servers, including Sun Microsystems
Inc. and Hewlett-Packard Co. Sun has already released a patch for
the problem, and Hewlett-Packard plans to do so soon, according to
CERT.”

“The calendar bug involves what is known as a “buffer overflow”
vulnerability…’


Complete story
. (Free site registration required.)