Sun Solaris sadmind vulnerability

Howard Dahdah (Computerworld)
17 September, 2003 11:58
Comments

Sun reports that a unprivileged user may be able to execute arbitrary commands with the permissions of the sadmind(1M) daemon on Solaris systems which have sadmind(1M) enabled in inetd.conf(4).

"The sadmind(1M) daemon normally runs with "root" (uid 0) privileges. If the sadmind(1M) daemon is utilizing the default security level authentication mechanism of AUTH_SYS (see secure_rpc(3NSL)), users may be able to forge AUTH_SYS credentials."

The operating systems affected are: Sun Solaris 9, Sun Solaris 8 and Sun Solaris 7.

More information is found at
http://au.sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F56740&zone_32=category%3Asecurity

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email Computerworld
Follow Computerworld on twitter

More about: CGI

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Whitepapers

Latest Stories

Community Comments

"here are two phone numbers they called me from if we all ..."

Windows Event Viewer phishing scam remains active
"Great article."

NeuroSky MindWave: Fun with Brainwaves
"Crossover is not free, it is commercial"

20 popular Ubuntu Linux apps you may want to try
"Nokia had a magic path if they were to merge symbian and ..."

Nokia N9: Why you shouldn't buy this device
"I got these CNT'Z GOOD today! Will post it on youtube if ..."

Microsoft at a loss over Event Viewer scam

Whitepapers

All whitepapers

Most Read

Sign up now to get free exclusive access to reports, research and invitation only events.

Most Commented

Featured Whitepapers

Quick Facts on Reducing the Footprint of Printing

Read on.

Featured Download

AVG Anti-Virus Free Edition

Note: This review covers version 8.5 of the software. This software is now in version 9.0. Antivirus program AVG 8.5 Free offers solid features and ...

Zones

Most Popular Whitepapers

Three simple steps to better patch security

It’s estimated that 90% of successful attacks against software vulnerabilities could be prevented with an existing patch or configuration setting. Yet patching is a persistent challenge for IT managers. With the glut of patches released each year, how do you know which ones are truly critical security patches and which ones aren’t? And how can you identify which computers are actually missing the patches they need? This paper details a simple approach to patching that gives you better visibility into and control over patch assessment and compliance.

Popular tags: Business Management, Security, Storage, Data Centre, Master Data Management

Latest Jobs

Market Place

Sun Solaris sadmind vulnerability

Comments

Post new comment

Windows Event Viewer phishing scam remains active

iPhone 5 rumor rollup for the week ending Feb. 10

Which tablet should I buy? iPad 2 vs Sony Tablet S

Customer service still dogs Telstra

iPad 3 rumour rollup for the week of February 7

Start-up spotlight: Smart Sparrow targets next-generation learning

SA minister urges change to Facebook ban

Microsoft at a loss over Event Viewer scam

Exetel's John Linton passes away

TPG faces customer backlash over slowed net speeds

NBN Co wholesale pricing too high: Telstra

Quick Facts on Reducing the Footprint of Printing

Webcast: The Application Reality

Case Study - TNT Express successfully reduces their paper usage and costs using a new document solution

Reconciling Datacenter consolidation and security: It starts with an integrated approach

AVG Anti-Virus Free Edition

Application Lifecycle Management

HP Converged Storage Zone

EMC Next Generation Backup – Backup & Recovery Solutions

HP Business Efficiency - Money Payback Guarantee Resource Centre

The Australian Cloud

Three simple steps to better patch security

Top Ten Considerations when Deploying IT Operations Management in the Cloud

Enabling Agile and Intelligent Businesses

Managed Services Strategy Guide

Disaster Recovery Strategy Guide

Computerworld newsletter

Don't have an account?

Sun Solaris sadmind vulnerability

Comments

Post new comment

Computerworld newsletter