[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting
From: <titus@xxxxxxxx>
Date: Tue, 16 Sep 2003 12:15:47 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It's news worthy.  This vulnerability has been privately exploited for
at least 7 years.  Most Solaris machines that have sadmin open are exploitable.
 It's a shame to see an excellent vulnerability such as this finally
be made public.

> Hasn't there always been a warning in the sadmind man page about security
> levels less than 3?  I'm not sure this "exploit" is newsworthy.
>
> [d]
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3

wkYEARECAAYFAj9nYUoACgkQlM5X+CwKCzEocQCfYqY4ViwoPQ/Qyv9iNAoS4rMYyBUA
n3vYZmxYmUaDyHsn1/uvA9vDT/ek
=KsNC
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting
  - From: Person
- Re: [Full-Disclosure] iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting
  - From: Darren Reed

Prev by Date: RE: [Full-Disclosure] IE Object Type Validation Vulnerability Exp loit
Next by Date: [Full-Disclosure] FreeBSD Security Advisory FreeBSD-SA-03:12.openssh
Previous by thread: Re: [Full-Disclosure] iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting
Next by thread: Re: [Full-Disclosure] iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting
Index(es):
- Date
- Thread