Security Incidents mailing list archives
Re: sadmind hack?
From: pjetly () CS TAMU EDU (Prateek Jetly)
Date: Tue, 18 Apr 2000 20:01:58 -0500
Does anyone know if sadmindex works on Solaris 2.5.1 (sparc) and if there is a patch? Securityfocus lists this as vulnerable.

thanks
Prateek

Hi all

The exploit is difficult to get right because you have to know the appropriate offsets for the exact version (and configuration) of the victim system. Therefore, you often see multiple attempts in a row.

I think this is caused by sadmbrute.c. The program will brute force the sp for the sadmindex hack (by Cheez Whiz) to success. I run this against my unpatched Solaris 2.6 and I get exactly the same messages under my /var/adm.

btw, this is what you get when you run sadmbrute.

    [xxx@xx code]$ sadmbrute
    sadmindex sp brute forcer - by elux
    usage: sadmbrute [arch] <host>
    arch:
    1 - x86 Solaris 2.6
    2 - x86 Solaris 7.0
    3 - SPARC Solaris 2.6
    4 - SPARC Solaris 7.0
    !EOT

--labu

-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTS () securityfocus com] On Behalf Of Yip Chan Keong
Sent: Wednesday, April 12, 2000 11:13 PM
To: INCIDENTS () securityfocus com
Subject: sadmind hack?

I have gotten the following messages in my /var/adm/messages file on my Solaris 2.6 host. Is it a sign of a break-in? telnet and ftp on my host are limited by tcp wrappers. Any idea how the exploit is made?

    Apr 12 06:43:34 xxxx inetd[138]: /usr/sbin/sadmind: Bus Error - core dumped
    Apr 12 06:43:36 xxxx inetd[138]: /usr/sbin/sadmind: Segmentation Fault - core dumped
    Apr 12 06:43:39 xxxx inetd[138]: /usr/sbin/sadmind: Bus Error - core dumped
    Apr 12 06:43:41 xxxx inetd[138]: /usr/sbin/sadmind: Segmentation Fault - core dumped
    Apr 12 06:43:44 xxxx inetd[138]: /usr/sbin/sadmind: Hangup

many thanks and regards,
/yck
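
The pattern discussed in this thread, several sadmind crashes reported by inetd within seconds of each other, can be checked for mechanically in /var/adm/messages. The following is an added example, not part of any poster's message; the 60-second window, the threshold of three crashes, and the year used to parse the year-less syslog timestamps are assumptions.

```python
import re
from datetime import datetime, timedelta

# Log lines quoted in the thread, plus one constructed unrelated line.
SAMPLE = """\
Apr 12 06:43:34 xxxx inetd[138]: /usr/sbin/sadmind: Bus Error - core dumped
Apr 12 06:43:36 xxxx inetd[138]: /usr/sbin/sadmind: Segmentation Fault - core dumped
Apr 12 06:43:39 xxxx inetd[138]: /usr/sbin/sadmind: Bus Error - core dumped
Apr 12 06:43:41 xxxx inetd[138]: /usr/sbin/sadmind: Segmentation Fault - core dumped
Apr 12 06:43:44 xxxx inetd[138]: /usr/sbin/sadmind: Hangup
Apr 12 09:10:02 xxxx sendmail[412]: constructed unrelated line
"""

# inetd logs how a service it spawned died. Only the two memory-fault
# messages seen in the thread are counted; "Hangup" is ignored.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) inetd\[\d+\]: "
    r"(?P<prog>\S+): (?:Bus Error|Segmentation Fault)\b"
)

def crash_bursts(text, window=timedelta(seconds=60), threshold=3, year=2000):
    """Return (host, program, first, last, count) for every run of at least
    `threshold` crashes of one service whose consecutive gaps are <= window."""
    events = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            # syslog omits the year, so an assumed one is supplied for parsing
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.setdefault((m["host"], m["prog"]), []).append(when)
    bursts = []
    for (host, prog), times in events.items():
        times.sort()
        run = [times[0]]
        for t in times[1:] + [None]:          # None flushes the final run
            if t is not None and t - run[-1] <= window:
                run.append(t)
                continue
            if len(run) >= threshold:
                bursts.append((host, prog, run[0], run[-1], len(run)))
            run = [t]
    return bursts

if __name__ == "__main__":
    for host, prog, first, last, n in crash_bursts(SAMPLE):
        print(f"{host}: {n} crashes of {prog} between {first:%H:%M:%S} and {last:%H:%M:%S}")
```

A burst reported here shows repeated failed attempts; it says nothing about whether a later attempt succeeded without crashing the daemon, so the host still needs to be examined.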