Information Security News mailing list archives
Re: Solaris Flaw Leaves Machines Open to Attacks
From: InfoSec News <isn () c4i org>
Date: Mon, 22 Sep 2003 01:57:51 -0500 (CDT)
Forwarded from: matthew patton <pattonme () yahoo com>
--- InfoSec News <isn () c4i org> wrote:
http://www.eweek.com/article2/0,4149,1269800,00.asp
By Dennis Fisher
September 16, 2003
There is a serious security flaw in several versions of both Solaris and Trusted Solaris that makes it possible for virtually any remote or local user to gain root privileges on a vulnerable machine.
so all that NSA code-review and all that jazz to get the "trusted" certification didn't come across this bug eh? So, what's the cert worth then? IMO zilch.
The problem lies in the Solstice AdminSuite, a set of tools Sun Microsystems Inc. includes with the operating system that allows administrators to perform remote administration tasks.
And a tool I hate with a passion. Actually any obligatory GUI tool is something I despise when the command line is perfectly capable.
The sadmind daemon is installed by default on most default installations of Solaris.
and unfortunately I'd wager that 98% of installed systems are default. Pity despite the YEARS of security people trying to hammer home the concept, few admins bother to strip their boxes of EVERYTHING that is not specifically, absolutely necessary. Will it ever end?