sadmind
CVE 1999-0977
Impact
A vulnerability in sadmind could allow a remote
attacker to execute arbitrary commands with root privileges.
Background
sadmind is a service which coordinates distributed
system administration operations remotely. It runs by default on
some versions of Solaris, and is part of an optional package on
other versions.
The Problem
Due to a buffer overflow condition, it is possible for an attacker
to overwrite the stack pointer in sadmind, thus
gaining the ability to execute arbitrary commands on the system.
Since sadmind is installed as root, the arbitrary
commands are executed with root privileges. All versions of
sadmind on Solaris operating systems are vulnerable
unless a patch has been applied.
Resolution
Disable the sadmind service if it is not
needed. This can be done by removing the line that enables sadmind
in /etc/inetd.conf. Look for the line that starts
with the number 100232 and either delete it or comment
it out by putting a pound sign (#) in front of the line.
If sadmind is needed, then apply the appropriate
patch.
Where can I read more about this?
More about this vulnerability, including patch information, can be found in
CERT Advisory 99-16 and
Sun Security Bulletin 191.