| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: titus at hush.com (titus@...h.com) Subject: iDEFENSE Security Advisory 09.16.03: Remote Root Exploitation of Default Solaris sadmind Setting -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I dont doubt that on a network managed by you this is not a problem. But, I *guarantee* you that, even now, there are no shortage of Solaris boxes that can be owned by exploiting this vulnerability. 4 or 5 years ago this vulnerability was a guaranteed pound sign. On Tue, 16 Sep 2003 13:56:06 -0700 Darren Reed <avalon@...igula.anu.edu.au> wrote: >In some mail from titus@...h.com, sie said: >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> It's news worthy. This vulnerability has been privately exploited >for >> at least 7 years. Most Solaris machines that have sadmin open >are >> exploitable. >> It's a shame to see an excellent vulnerability such as this finally >> be made public. > >What's news here? I mean setting "-S 2" for sadmind (if sadmind >is >required) has been on the "tighten up" list (for me at least) for >just >as long. > >Darren > > -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.3 wkYEARECAAYFAj9nlncACgkQlM5X+CwKCzEHQQCgj3Gv+K4NJgHUJys7fsVLLOohN7cA niuinbg0JueTFxDP3C3ZzgmrHMvv =reAv -----END PGP SIGNATURE-----
Powered by blists - more mailing lists