Full Disclosure mailing list archives
Re: iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting
From: <titus () hush com>
Date: Tue, 16 Sep 2003 12:15:47 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It's news worthy. This vulnerability has been privately exploited for at least 7 years. Most Solaris machines that have sadmin open are exploitable. It's a shame to see an excellent vulnerability such as this finally be made public.
Hasn't there always been a warning in the sadmind man page about security levels less than 3? I'm not sure this "exploit" is newsworthy. [d]
-----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.3 wkYEARECAAYFAj9nYUoACgkQlM5X+CwKCzEocQCfYqY4ViwoPQ/Qyv9iNAoS4rMYyBUA n3vYZmxYmUaDyHsn1/uvA9vDT/ek =KsNC -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting iDEFENSE Labs (Sep 16)
- Re: iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting Person (Sep 16)
- <Possible follow-ups>
- Re: iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting titus (Sep 16)
- Re: iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting titus (Sep 16)