lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: devon at lithiumnode.com (Person) Subject: iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting > It's news worthy. This vulnerability has been privately exploited for > at least 7 years. Most Solaris machines that have sadmin open are exploitable. > It's a shame to see an excellent vulnerability such as this finally > be made public. Kind of like idiot admins leaving null sessions enabled on windows machines have been exploited privately since god-knows-when. This is more an issue of admins not reading man pages getting owned than it is a vulnerability worthy of an announcement. And exploit code? Jesus god, give me a break. [d]