Security Hole Found in IBM, Sun Servers

A recently uncovered security hole could give hackers full access to Unix servers from IBM Corp. and Sun Microsystems Inc., experts said.

Though no major breaches have been reported so far, the flaw could be used in worms that automatically seek out and infect vulnerable systems, said Dan Ingevaldson of Internet Security Systems.

The problem stems from a flaw in the operating system’s login program, which grants access by usernames and passwords.

Because the program is used by remote-access software, the flaw can be exploited by people who do not have direct access to the system.

Patches are now available to fix machines that are running Sun Solaris and IBM AIX operating systems.

Other major Unix-based operating systems--including Mac OS X, Hewlett-Packard’s HP-UX and Compaq’s Tru64--are not affected, CERT said.