Sun Solaris sadmind vulnerability

Sun reports that a unprivileged user may be able to execute arbitrary commands with the permissions of the sadmind(1M) daemon on Solaris systems which have sadmind(1M) enabled in inetd.conf(4).

"The sadmind(1M) daemon normally runs with "root" (uid 0) privileges. If the sadmind(1M) daemon is utilizing the default security level authentication mechanism of AUTH_SYS (see secure_rpc(3NSL)), users may be able to forge AUTH_SYS credentials."

The operating systems affected are: Sun Solaris 9, Sun Solaris 8 and Sun Solaris 7.

More information is found at
http://au.sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F56740&zone_32=category%3Asecurity

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about CGI

Show Comments