Security authorities have issued a warning about a "serious vulnerability" in the login system used by Sun Solaris.

Versions of Solaris 8 and earlier are vulnerable to an exploit that could allow remote attackers to execute arbitrary commands on a system with super-user privileges.

Although systems are only vulnerable if interactive connections are allowed, such as Telnet or Rlogin which are enabled by default, security firm ISS X-Force warned that an exploit is already in circulation on the underground.

According to research, a static buffer overflow vulnerability is present in the login system which incorrectly handles long environment variables passed to it by the connection program, such as Telnet.

At present, Sun has not released a fix. The advisory has gone out early because the exploit is already in the public arena.

ISS X-Force suggests disabling terminal connection services and installing Secure Shell as a workaround until the patch comes out.

A Computer Emergency Response Team advisory is available here, and the Sun patches will be downloadable from here.