Re: [Full-Disclosure] iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting

titus Tue, 16 Sep 2003 12:55:44 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It's news worthy.  This vulnerability has been privately exploited for
at least 7 years.  Most Solaris machines that have sadmin open are exploitable.
 It's a shame to see an excellent vulnerability such as this finally
be made public.


> Hasn't there always been a warning in the sadmind man page about security
> levels less than 3?  I'm not sure this "exploit" is newsworthy.
>
> [d]
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3

wkYEARECAAYFAj9nYUoACgkQlM5X+CwKCzEocQCfYqY4ViwoPQ/Qyv9iNAoS4rMYyBUA
n3vYZmxYmUaDyHsn1/uvA9vDT/ek
=KsNC
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Re: [Full-Disclosure] iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting

Reply via email to