Bugtraq mailing list archives
Re: Solaris sadmind Buffer Overflow Vulnerability
From: Brad.Powell () ENG SUN COM (Brad Powell)
Date: Fri, 10 Dec 1999 13:12:10 -0800
Hi >Alfred,
The exploit has been sent to Sun and is currently under inspection. When it is publicly available it will be posted to Bugtraq and to the SecurityFocus.com Vuldb.
true, but not via the proper channels until recently :-(
If someone else posts this vulnerability to the list, we will of course allow it.
:-) ;^}
Workaround: Unless you require sadmin (if your using the Solstice AdminSuite you do) we suggest you comment sadmind out from your /etc/inetd.conf entry. By default, the line in /etc/inetd.conf that starts sadmind appears as follows: 100232/10 tli rpc/udp wait root /usr/sbin/sadmind sadmind If you do require this service we suggest you block all access to it from external networks via filtering rulesets on your router(s) or Firewall(s).
You missed a couple other things that will help. Tcp_wrappers on the service, Running 'sadmind -S2' and setting the stack to noexec_user_stack =1" via /etc/system (from the titan module that does this) * Don't allow executing code on the stack *set noexec_user_stack = 1 * And log it when it happens. *set noexec_user_stack_log = 1 set nfssrv:nfs_portmon = 1 ============================================================================ Brad Powell : brad () fish com (WORK: brad.powell () Sun COM) Sr. Network Security Architect Sun Microsystems Inc. ============================================================================ The views expressed are those of the author and may not reflect the views of Sun Microsystems Inc. ============================================================================
Current thread:
- Re: Solaris sadmind Buffer Overflow Vulnerability Brad Powell (Dec 10)
- Re: Solaris sadmind Buffer Overflow Vulnerability Anthony D. Urso (Dec 12)