Full Disclosure mailing list archives

Re: iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting


From: Person <devon () lithiumnode com>
Date: Tue, 16 Sep 2003 13:36:16 -0700 (PDT)

It's newsworthy.  This vulnerability has been privately exploited for
at least 7 years.  Most Solaris machines that have sadmin open are exploitable.
It's a shame to see an excellent vulnerability such as this finally
be made public.

Kind of like idiot admins leaving null sessions enabled on Windows
machines have been exploited privately since god-knows-when.  This is more
an issue of admins not reading man pages getting owned than it is a
vulnerability worthy of an announcement.  And exploit code?  Jesus god,
give me a break.

[d]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

