Full Disclosure mailing list archives

Re: iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting


From: <titus () hush com>
Date: Tue, 16 Sep 2003 12:15:47 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It's newsworthy.  This vulnerability has been privately exploited for
at least 7 years.  Most Solaris machines that have sadmin open are exploitable.
It's a shame to see an excellent vulnerability such as this finally
be made public.

Hasn't there always been a warning in the sadmind man page about security
levels less than 3?  I'm not sure this "exploit" is newsworthy.

[d]
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3

wkYEARECAAYFAj9nYUoACgkQlM5X+CwKCzEocQCfYqY4ViwoPQ/Qyv9iNAoS4rMYyBUA
n3vYZmxYmUaDyHsn1/uvA9vDT/ek
=KsNC
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

