Solaris admins! Look out – working remote root exploit leaked in Shadow Brokers dump

Now that the sulky Shadow Brokers gang has leaked its archive of stolen NSA exploits, security experts are trawling Uncle Sam's classified attack code – and the results aren't good for anyone using Oracle's Solaris. Matthew Hickey, cofounder of British security shop Hacker House, is among those going through the dumped files, …

  1. Anonymous Coward

    Shouldn't say this, but...

    I'm kinda relieved to see that the NSA know their stuff. I would be really depressed if the NSA's files got dumped and all they had were Nigerian 419 scams and Word macro viruses. I *want* them to be impressively good at what they do. It's their target selection that is problematic.

  2. wsm

    Solaris?

    Someone is still running Sparc boxes with Solaris?

    1. A Non e-mouse

      Re: Solaris?

      Look at the files. There are people still running Solaris 2.5! According to Wikipedia, that was released in 1995 and it went end of support in 2003.

      I just hope they weren't running the security hardened version of Solaris ;-)

      1. the spectacularly refined chap

        Re: Solaris?

        I can't say I'm remotely surprised. These days if you're running Solaris, especially on workstations, it's likely something quite specialised, and the OS often gets viewed as a for the life of the machine thing. Sun's historic licensing policies tended to reinforce that view, yes they opened it up considerably towards the end of their days but the attitude tends to stick.

        Sun and now Oracle hardware is good stuff, and if the system is running some oddball or bespoke control app it could well stay in use for a long time.

        1. Anonymous Coward

          Re: Solaris?

          It's quite popular in telecoms.

          True unix, extremely well documented, extremely stable - makes a good platform.

          The Sun hardware is pretty robust too.

          Anon because, er, I need to get my vendor to look into this...

          1. Anonymous Coward

            Re: Solaris?

            Sun hardware is annoyingly robust.

            We have a customer who won't pay to upgrade some critical old dustbuckets to anything supportable.

            "Hah - we'll have the last laugh when they break! We warned them!"

            They're *still* running....

            1. Anonymous Coward

              Re: Solaris?

              Be patient. It will happen eventually. I collected a SPARC station from back in the day, an IPX workstation, and the NVRAM chip died, so all openboot info is set to binary 1, ether addr ff:ff:ff... so not very bootable. I switched to a dual Intel Pentium III using x86 Solaris, but that eventually died too. I think the last time I ran Solaris was in a VM. I was going to get an e450 from eBay, but those things are too huge to ship around. I have Macs that are older than the IPX that are still running, and an SGI Octane 2 which is still quite serviceable, albeit heavy and noisy.

              Want to take apart an e10k while it's still running so it can be returned while new gear is going in around it? Sure we all do! Sun hardware, so many keys, so much money I will charge your site to admin your silver or purple boxen! :)

    2. Anonymous Coward

      Re: Solaris?

      > Someone is still running Sparc boxes with Solaris?

      A few leftovers, which is why this vulnerability was not known about until this disclosure.

      Operating systems that are being used in production and/or critical environments are much more likely to be scrutinised.

    3. Jay 2

      Re: Solaris?

      I'm sure there are one or two Solaris boxes round here somewhere. Don't think they're doing much though.

      I used to quite like Solaris pre-10, but never really got to grips with the re-imagining of init (systemd springs to mind!). But by that time Sun kit in clustered was doomed at our place as it was all replaced by smaller/cheaper Linux boxes.

      1. Anonymous Coward

        Re: Solaris?

        > never really got to grips with the re-imagining of init

        Any software that requires you to manually edit XML has completely missed the point of this inter-program validated-data format.

        I built up quite a loathing for it. I had to use it when there was no real documentation, no validator, and even now (afaik) modifying the runtime variables/properties will NOT produce the same result as editing them in XML, reloading and then wholly restarting the service (with associated service downtime! How very Windows!).

    4. Anonymous Coward

      Re: Solaris?

      Well, if Solaris wasn't being used, Larry wouldn't have bought Sun, and put money into R&D for Solaris and SPARC. And it's starting to look like their engineered systems will use less and less x86 hw to move to SPARC. Which will only accelerate as they add more software into silicon. Sun introduced on-chip encryption. Oracle just added some for database and compression acceleration.

      On a side note. I'm sitting in a HPe building to help move them from older SPARC hardware to newer SPARC hardware running Solaris 11. Which shows that even Sun's competitors valued what their hardware and OS brought to the table and continues to.

      1. Anonymous Coward

        Re: Solaris?

        AC from 'it's quite popular in telecoms' here.

        I tapped my vendor, and they weren't actually aware of this (which is not massively unfair as it's slipped under the radar of quite a few tech outlets so they might not have spotted it in their daily tech news trawl, because people think no-one uses SunOS/Solaris presumably - CSOnline even claimed it posed 'little threat' which is a rather novel way of describing an exploit that gives a remote attacker a root shell...) and they're having a deek at it and thanked me for bringing it to their attention.

        So if you have Sun gear that's vendor supported, er, yeah, might want to double check they know...

  3. -tim

    Old is new again?

    I'm sure I saw info about both of these long long ago so I wouldn't be calling them zero day. This is why we clean up lines in initd.conf and /etc/rpc when we install systems.

    One program requires running a GUI that should never even have been loaded on most servers and the other requires RPC to be wide open to the world in which case someone has already found all your NFS shares long ago.

    The last patch to Solaris 9 was 26 days ago. Sparc things that won't run 11 (or 11 Early Adopter) should be on SunOS 5.9 Generic_122300-70 for things like sun4u.

    1. Casper

      Re: Old is new again?

      The specific Solaris 9 patch (122300-70) was released on 26 Feb *2015*; more than two years ago. I think most hardware supported in Solaris 9 would also run Solaris 10 and Solaris 10 is still supported.

      1. -tim

        Re: Old is new again?

        There was another 9 patch bundled in with the 10 stuff to help it play nice on 11. The last 9 kernel is 2 years old.

        Solaris 10 was junk and 11 won't run on our hardware so we have a choice of 8 or 9 which is what far too many customers have decided as well.

  4. John Sanders

    Brace yourselves...

    I'm scared when they begin airing what they have on Linux.

    1. iOS6 user

      Re: Brace yourselves...

      Yep .. Linux is even more transparent :)

  5. Anonymous Coward

    I wonder...

    If the Oracle team is going to provide any solutions they're developing for free or if they'll be charging a lot of money for it. Because that's the kind of thing I'd expect Oracle to do in all honesty.

    Oh well...

    root@macron:/etc/defaults# rpcinfo

    rpcinfo: can't contact rpcbind: RPC: Port mapper failure - RPC: Success

    ... at least my FreeBSD box is safe because it's not using anything RPC related.

  6. Mahhn

    XP

    at this rate, the most secure OS will be XP with Black Ice by the end of the year.....

  7. cpu_necromancer

    XP

    Nah, it'll be Mach and Micro Kernels not compiled after version 4.1.2 of the GCC which was about the time 3.6.6 started getting a lot more C++ added to it before the production of VX in X86 along with transparent filing systems.

    GCC 7 is being worked on and it now produces error correction with the correct parenthesis.

    But even some of its maintainers have complained about its deep "dynamic linking" and how it hooks into different libraries at compile time, for example if you update your system with SSL just as an example, it will compile it "dynamically" for every application that uses it, which is a diabolical state of affairs if one of those applications or libraries ends up compromised.

    Sandboxing will only do so much and thankfully there are alternatives, like as you say: XP

    But I would much rather prefer Windows NT 5.1 with a custom shell like LiteSTEP and no Windows Explorer!

  8. James R Grinter

    The first rule of Solaris on the internet was always to disable every tooltalk and any other non essential rpc daemon, and block off the rest from remote access. If you tell that to the kids these days...
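
The habit described in this comment and in -tim's earlier one (pruning RPC lines when a system is installed) can be checked mechanically. The script below is an added example, not part of either comment; it assumes the classic pre-SMF Solaris `inetd.conf` field layout, and the sample file, the allowlist and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report RPC services still enabled in a classic
# (pre-SMF) Solaris-style inetd.conf. Assumed field layout:
#   service socket-type protocol wait-status user server-path args...
# RPC entries use "program/version" as the service and "rpc/<transport>"
# as the protocol.

# audit_inetd_rpc FILE [ALLOWLIST]
# ALLOWLIST is a comma-separated list of daemon basenames that are
# expected to stay enabled. Prints "daemon service protocol" per finding.
audit_inetd_rpc() {
    awk -v allow="${2:-}" '
        BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[ \t]*#/ || NF < 6 { next }      # commented-out or malformed line
        $3 ~ /^rpc\// {                    # protocol field marks an RPC service
            m = split($6, p, "/"); daemon = p[m]
            if (!(daemon in ok)) print daemon, $1, $3
        }
    ' "$1"
}

# Constructed sample file (hypothetical host, not taken from the thread).
sample_inetd_conf() {
    cat <<'EOF'
# constructed sample
ftp          stream tcp6   nowait root /usr/sbin/in.ftpd in.ftpd
100083/1     tli    rpc/tcp wait  root /usr/dt/bin/rpc.ttdbserverd rpc.ttdbserverd
rusersd/2-3  tli    rpc/datagram_v,circuit_v wait root /usr/lib/netsvc/rusers/rpc.rusersd rpc.rusersd
rstatd/2-4   tli    rpc/datagram_v wait root /usr/lib/netsvc/rstat/rpc.rstatd rpc.rstatd
#walld/1     tli    rpc/datagram_v wait root /usr/lib/netsvc/rwall/rpc.rwalld rpc.rwalld
EOF
}

tmp=$(mktemp)
sample_inetd_conf > "$tmp"
audit_inetd_rpc "$tmp" rpc.rstatd    # rstatd is the only RPC daemon we expect
rm -f "$tmp"
```

On Solaris 10 and later these services are managed through SMF rather than `inetd.conf`, so the check applies to the older releases discussed in the thread.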

  9. PlinkerTind

    ExaData runs SPARC

    The new ExaData SL6 runs Linux on SPARC M7 CPUs. Apparently these servers are wicked fast, much faster than the x86 versions.
