[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting
- From: Person <devon@xxxxxxxxxxxxxxx>
- Date: Tue, 16 Sep 2003 13:36:16 -0700 (PDT)
> It's news worthy. This vulnerability has been privately exploited for
> at least 7 years. Most Solaris machines that have sadmin open are
> exploitable.
> It's a shame to see an excellent vulnerability such as this finally
> be made public.
Kind of like idiot admins leaving null sessions enabled on windows
machines have been exploited privately since god-knows-when. This is more
an issue of admins not reading man pages getting owned than it is a
vulnerability worthy of an announcement. And exploit code? Jesus god,
give me a break.
[d]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html