Re: iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting

[<titus () hush com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I dont doubt that on a network managed by you this is not a problem.
 But, I *guarantee* you that, even now, there are no shortage of Solaris
boxes that can be owned by exploiting this vulnerability.  4 or 5 years
ago this vulnerability was a guaranteed pound sign.

On Tue, 16 Sep 2003 13:56:06 -0700 Darren Reed <avalon () caligula anu edu au>
wrote:
> In some mail from titus () hush com, sie said:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > It's news worthy.  This vulnerability has been privately exploited
> for
> > at least 7 years.  Most Solaris machines that have sadmin open
> are
> > exploitable.
> > It's a shame to see an excellent vulnerability such as this finally
> > be made public.
>
> What's news here?  I mean setting "-S 2" for sadmind (if sadmind
> is
> required) has been on the "tighten up" list (for me at least) for
> just
> as long.
>
> Darren
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3

wkYEARECAAYFAj9nlncACgkQlM5X+CwKCzEHQQCgj3Gv+K4NJgHUJys7fsVLLOohN7cA
niuinbg0JueTFxDP3C3ZzgmrHMvv
=reAv
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html