Full Disclosure mailing list archives
Re: iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting
From: <titus () hush com>
Date: Tue, 16 Sep 2003 16:01:48 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I dont doubt that on a network managed by you this is not a problem. But, I *guarantee* you that, even now, there are no shortage of Solaris boxes that can be owned by exploiting this vulnerability. 4 or 5 years ago this vulnerability was a guaranteed pound sign. On Tue, 16 Sep 2003 13:56:06 -0700 Darren Reed <avalon () caligula anu edu au> wrote:
In some mail from titus () hush com, sie said:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It's news worthy. This vulnerability has been privately exploitedforat least 7 years. Most Solaris machines that have sadmin openareexploitable. It's a shame to see an excellent vulnerability such as this finally be made public.What's news here? I mean setting "-S 2" for sadmind (if sadmind is required) has been on the "tighten up" list (for me at least) for just as long. Darren
-----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.3 wkYEARECAAYFAj9nlncACgkQlM5X+CwKCzEHQQCgj3Gv+K4NJgHUJys7fsVLLOohN7cA niuinbg0JueTFxDP3C3ZzgmrHMvv =reAv -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting iDEFENSE Labs (Sep 16)
- Re: iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting Person (Sep 16)
- <Possible follow-ups>
- Re: iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting titus (Sep 16)
- Re: iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting titus (Sep 16)