Security Incidents mailing list archives

Re: sadmind hack?


From: spoonm () SPOONTECH NET (Spoonm Spoonm)
Date: Tue, 18 Apr 2000 22:46:11 -0500


sadmind is very very exploitable..
it's like sunos5.6 - 5.7
easy way to fix it
kill the binary
then also have the rpc not open the rpcport
you might already have been hacked, but don't know due to the fact sadmind
runs the commands that the hacker wants
i would look for odd users, and make sure no trojans exist, especially in
login

-spoonm
-----Original Message-----
From: Yip Chan Keong <ckyip () SINGAREN NET SG>
To: INCIDENTS () SECURITYFOCUS COM <INCIDENTS () SECURITYFOCUS COM>
Date: Thursday, April 13, 2000 7:37 PM
Subject: sadmind hack?

I have gotten the following messages in my /var/adm/messages file on my
solaris 2.6 host. is it a sign of a break-in? telnet and ftp on my host are
limited by tcp wrappers. any idea how the exploit is made?

Apr 12 06:43:34 xxxx inetd[138]: /usr/sbin/sadmind: Bus Error - core dumped
Apr 12 06:43:36 xxxx inetd[138]: /usr/sbin/sadmind: Segmentation Fault - core dumped
Apr 12 06:43:39 xxxx inetd[138]: /usr/sbin/sadmind: Bus Error - core dumped
Apr 12 06:43:41 xxxx inetd[138]: /usr/sbin/sadmind: Segmentation Fault - core dumped
Apr 12 06:43:44 xxxx inetd[138]: /usr/sbin/sadmind: Hangup

many thanks and regards,
/yck
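
Added example, not part of either post above: a small detector that scans /var/adm/messages-style text for the pattern quoted in the original message, several abnormal exits of one inetd-started service within a short time. The 60-second window, the threshold of 3 and the year (syslog omits it) are assumptions, and the sample lines are constructed from the quoted log.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, modelled on the inetd messages quoted in the post above.
SAMPLE = """\
Apr 12 06:43:34 xxxx inetd[138]: /usr/sbin/sadmind: Bus Error - core dumped
Apr 12 06:43:36 xxxx inetd[138]: /usr/sbin/sadmind: Segmentation Fault - core dumped
Apr 12 06:43:39 xxxx inetd[138]: /usr/sbin/sadmind: Bus Error - core dumped
Apr 12 06:43:41 xxxx inetd[138]: /usr/sbin/sadmind: Segmentation Fault - core dumped
Apr 12 06:43:44 xxxx inetd[138]: /usr/sbin/sadmind: Hangup
Apr 12 09:10:02 xxxx inetd[138]: /usr/sbin/in.ftpd: Hangup
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+inetd\[\d+\]:\s+"
    r"(?P<prog>/\S+):\s+(?P<status>.+?)\s*$")
CRASH = re.compile(r"core dumped|Segmentation Fault|Bus Error|Illegal Instruction", re.I)

def parse(text, year=2000):
    """Yield (time, host, program, status) for inetd child-exit messages."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            # syslog omits the year; the caller supplies it (assumption).
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["host"], m["prog"], m["status"]

def crash_bursts(text, window=timedelta(seconds=60), threshold=3, year=2000):
    """Return bursts: >= threshold crashes of one service on one host within window."""
    by_key = {}
    for ts, host, prog, status in parse(text, year):
        if CRASH.search(status):          # a plain "Hangup" is not counted
            by_key.setdefault((host, prog), []).append(ts)
    bursts = []
    for (host, prog), times in by_key.items():
        times.sort()
        start = 0
        while start < len(times):
            end = start
            # Extend the burst while the next crash is within `window` of its start.
            while end + 1 < len(times) and times[end + 1] - times[start] <= window:
                end += 1
            count = end - start + 1
            if count >= threshold:
                bursts.append((host, prog, times[start], times[end], count))
            start = end + 1
    return bursts
```

A burst only shows that the service died abnormally several times in a row; it says nothing about whether any attempt succeeded, so a hit is a reason to go on to the checks suggested in the reply (unexpected users, modified binaries).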

