Shadow Brokers' malware release includes Oracle Solaris administrator-access security flaw

US National Security Agency had 'skeleton keys' to any Oracle/Sun Solaris system for decades

An analysis of some of the new files dumped by Shadow Brokers, a hacking group of unknown provenance that claims to have cracked a server holding a cache of hacking tools developed by the US National Security Agency (NSA), suggests that the NSA has for decades had at least two tools for obtaining root access to Oracle/Sun Solaris Unix servers.

The tools, dubbed ExtremeParr and Ebbisland, were examined by Matthew Hickey, co-founder of security outfit Hacker House. He described ExtremeParr as a "zero-day local privilege escalation attack" that would work on Sun/Oracle Solaris versions 7, 8, 9 and 10 running on x86 microprocessors and Sun Sparc - all "confirmed and tested, [all] platforms and versions".

Ebbisland, meanwhile, is a remote code execution vulnerability that affects Solaris 6 to 10 (possibly newer, according to Hickey) and, again, running on both x86 and Sparc. "It exploits an overflow in XDR via any open remote-procedure call service on Solaris 6 - 10," Hickey added.

Hickey indicated to The Register that the tools could be applied against pretty much any server running Solaris anywhere in the world, and could be run out-of-the-box with very little technical know-how.

And, because of the specialist nature of the software that might run on such machines, there are still 100,000 or more vulnerable Solaris servers attached to the internet - even running Solaris 7, which was released in June 1992.

And Hickey also indicated that the Shadow Brokers files might reveal some more intriguing secrets - such as NSA hacks against Microsoft Windows. "The @shadowbrokerss have yet to release full Windows tools dump ... If the last releases are anything to go by the best is yet to come," he tweeted.
