-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I dont doubt that on a network managed by you this is not a problem. But, I *guarantee* you that, even now, there are no shortage of Solaris boxes that can be owned by exploiting this vulnerability. 4 or 5 years ago this vulnerability was a guaranteed pound sign.
On Tue, 16 Sep 2003 13:56:06 -0700 Darren Reed <[EMAIL PROTECTED]> wrote: >In some mail from [EMAIL PROTECTED], sie said: >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> It's news worthy. This vulnerability has been privately exploited >for >> at least 7 years. Most Solaris machines that have sadmin open >are >> exploitable. >> It's a shame to see an excellent vulnerability such as this finally >> be made public. > >What's news here? I mean setting "-S 2" for sadmind (if sadmind >is >required) has been on the "tighten up" list (for me at least) for >just >as long. > >Darren > > -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.3 wkYEARECAAYFAj9nlncACgkQlM5X+CwKCzEHQQCgj3Gv+K4NJgHUJys7fsVLLOohN7cA niuinbg0JueTFxDP3C3ZzgmrHMvv =reAv -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
