Full Disclosure mailing list archives
Re: iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting
From: Person <devon () lithiumnode com>
Date: Tue, 16 Sep 2003 13:36:16 -0700 (PDT)
It's news worthy. This vulnerability has been privately exploited for at least 7 years. Most Solaris machines that have sadmin open are exploitable. It's a shame to see an excellent vulnerability such as this finally be made public.
Kind of like idiot admins leaving null sessions enabled on windows machines have been exploited privately since god-knows-when. This is more an issue of admins not reading man pages getting owned than it is a vulnerability worthy of an announcement. And exploit code? Jesus god, give me a break. [d] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting iDEFENSE Labs (Sep 16)
- Re: iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting Person (Sep 16)
- <Possible follow-ups>
- Re: iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting titus (Sep 16)
- Re: iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting Darren Reed (Sep 16)
- Re: iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting Person (Sep 16)
- Re: iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting titus (Sep 16)