A fifth of large corporate users could be vulnerable to a newly discovered security flaw that allows hackers to gain remote control of Unix boxes running Solaris and MandrakeSoft's Linux distro.

The flaw was discovered by UK security consultancy ProCheckUp which released the details before official Cert verification, because a freely available hacker's scanner was found to be already searching for the hole.

The problem centres on the default configuration of the X Display Manager Control Protocol (XDMCP), which allows remote access.

When this is enabled, hackers can gain access and are presented with a graphical list of users and usernames on that box. They only have to crack the password to take control.

"It gives someone remote control over your desktop and machine without you knowing it, which is serious," said Richard Brain, technical director at ProCheckUp.

Brain discovered the hole during testing of a customer's internet-connected servers. "We are looking at about 20 per cent of our big clients with their own DNS servers that are vulnerable," he said.

The problem has been confirmed on Unix boxes running all versions of Sun Solaris and versions of Linux Mandrake up to 8.1. But Brain is now investigating reports it also affects SuSE Linux and Irix.

If the server sits behind a properly configured firewall, that will give further protection, but ultimately remote access needs to be disabled and traffic blocked on the ports used by the XDMCP protocol.

This is a relatively easy task for IT managers, and the remote connections can be disabled in seconds by simply changing the configuration of the XDMCP server.

Full details of the vulnerability and how to fix it are available here