Bugtraq mailing list archives
Re: sadmind exploits (remote sparc/x86)
From: casper () HOLLAND SUN COM (Casper Dik)
Date: Sat, 11 Dec 1999 08:59:05 +0100
If you want to be a little less appetizing to the bear than the other guy until Sun coughs up a sadmind patch (if you're one of the unlucky sites that has a need for it), get thee hence to ftp://ftp.porcupine.org/pub/security/rpcbind_2.1.tar.gz and replace the rpcbind on your solaris2 system with Wietse's tcpwrapped version. It will NOT stop the buffer overflow in sadmind by any means, but it will stop this particular exploit script from being used by those who cannot fix the code to not ask portmapper for the sadmind port.
While Wietse's portmapper will stop that, there are many more ways to get sadmind; I suppose the port on which it is registered will not differ very much.

Wietse's rpcbind, unfortunately, also hasn't kept up with a few other security fixes found in standard Solaris rpcbind (the indirect calls mentioned on BUGTRAQ a few months ago).

ipfilter should work fine; Darren has made packages available for 64 bit SPARC users that do not have a 64 bit C compiler.

If you don't use sadmind, I'd suggest disabling it. It is not required for local administration through admintool; only when you install AdminSuite (which is not on the standard Solaris CDs) will sadmind get some function.

If you run it at all, you should always run it with the "-S 2" option, as the default authentication mechanism used is flawed. Note that the "-S 2" option does not protect against this attack.

Casper
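An added example, not part of the message above: a small audit function that classifies how sadmind is configured, following the advice to disable it when unused and to run it with "-S 2" otherwise. It assumes sadmind is started from an inetd.conf-style file; the function name, status strings and sample line are constructed for illustration.

```shell
#!/bin/sh
# Classify the sadmind entry in an inetd.conf-style file (assumed format:
# one service per line, '#' starts a comment, server arguments at the end).
# Prints one of: absent | disabled | enabled-weak-auth | enabled-S2
# Per the message, "-S 2" only fixes the flawed default authentication;
# it does not stop the overflow, so "disabled" is the goal when unused.
sadmind_status() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    awk '
        # A commented-out sadmind line means the service was switched off.
        /^[ \t]*#/ { if ($0 ~ /sadmind/) commented = 1; next }
        /sadmind/ {
            active = 1
            level = ""
            # Only the "-S 2" form quoted in the message is recognised.
            for (i = 1; i < NF; i++)
                if ($i == "-S") level = $(i + 1)
            if (level != "2") weak = 1
        }
        END {
            if (active && weak) print "enabled-weak-auth"
            else if (active)    print "enabled-S2"
            else if (commented) print "disabled"
            else                print "absent"
        }
    ' "$conf"
}

# Stand-alone run on a constructed sample entry without "-S 2".
sample=$(mktemp)
printf '%s\n' '100232/10 tli rpc/udp wait root /usr/sbin/sadmind sadmind' > "$sample"
echo "sample entry: $(sadmind_status "$sample")"
rm -f "$sample"
```

After editing the real file, inetd has to re-read its configuration before the change takes effect.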