Printer bug found in Sun's Solaris software

Researchers at a security services company reported a bug on Tuesday in Sun Microsystems' widely used Solaris operating system which they said could allow a hacker to access a company's network via default printer software included with the OS.

The printer daemon, as it's called, is included as a standard feature of Solaris and is used to handle print requests from remote users. The software contains a flaw that could allow a hacker to access the server and gain control over most network functions, confirmed Sun spokesman Russell Castronovo.

Sun played down the significance of the flaw, saying it has yet to receive an official report from a customer about the problem. In addition, most companies create access barriers to these printer functions, making them less vulnerable to attack. Sun has been aware of the problem since April and plans to make a patch available in July, Castronovo said.

Until the patches arrive, Internet Security Systems, the security firm that reported the bug, recommends that users disable the "in.lpd" print protocol daemon on printers that may be vulnerable. If a system is not disabled, attackers can gain root user access to the system and have the ability to look at and make changes to computing systems on a network, ISS said.

The bug affects the following versions of Solaris, according to ISS: 2.6, 2.6 x86, 7, 7 x86, 8 and 8 x86.

Join the newsletter!

Error: Please check your email address.

More about Internet Security SystemsISS GroupSecurity SystemsSun Microsystems

Show Comments
[]