> It's news worthy. This vulnerability has been privately exploited for > at least 7 years. Most Solaris machines that have sadmin open are exploitable. > It's a shame to see an excellent vulnerability such as this finally > be made public.
Kind of like idiot admins leaving null sessions enabled on windows machines have been exploited privately since god-knows-when. This is more an issue of admins not reading man pages getting owned than it is a vulnerability worthy of an announcement. And exploit code? Jesus god, give me a break. [d] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
