sadmind AUTH_SYS authentication vulnerability

Added: 01/09/2006
CVE: CVE-2003-0722
BID: 8615
OSVDB: 4585

Background

sadmind is a service which coordinates distributed system administration operations remotely. The Sun Solstice AdminSuite runs sadmind with the AUTH_SYS authentication method by default.

Problem

The sadmind running with the AUTH_SYS authentication method allows remote attackers to execute arbitrary commands.

Resolution

If the sadmind service is not needed, disable it service by commenting the line beginning with "100232" out of /etc/inetd.conf, and restarting the inetd process. Otherwise, install the patches referenced in Sun Alert 56740.

References

http://www.idefense.com/intelligence/vulnerabilities/display.php?id=6

Platforms

SunOS

Back to exploit index