full-disclosure - iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-ID: <200309161915.h8GJFm41012727@mailserver3.hushmail.com>
From: titus at hush.com (titus@...h.com)
Subject: iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It's news worthy.  This vulnerability has been privately exploited for
at least 7 years.  Most Solaris machines that have sadmin open are exploitable.
 It's a shame to see an excellent vulnerability such as this finally
be made public.

> Hasn't there always been a warning in the sadmind man page about security
> levels less than 3?  I'm not sure this "exploit" is newsworthy.
>
> [d]
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3

wkYEARECAAYFAj9nYUoACgkQlM5X+CwKCzEocQCfYqY4ViwoPQ/Qyv9iNAoS4rMYyBUA
n3vYZmxYmUaDyHsn1/uvA9vDT/ek
=KsNC
-----END PGP SIGNATURE-----