Forwarded from: matthew patton <pattonme@private>

--- InfoSec News <isn@private> wrote:
> http://www.eweek.com/article2/0,4149,1269800,00.asp
>
> By Dennis Fisher
> September 16, 2003
>
> There is a serious security flaw in several versions of both Solaris
> and Trusted Solaris that makes it possible for virtually any remote or
> local user to gain root privileges on a vulnerable machine.

So all that NSA code review and all that jazz to get the "trusted" certification didn't come across this bug, eh? So, what's the cert worth then? IMO zilch.

> The problem lies in the Solstice AdminSuite, a set of tools Sun
> Microsystems Inc. includes with the operating system that allows
> administrators to perform remote administration tasks.

And a tool I hate with a passion. Actually, any obligatory GUI tool is something I despise when the command line is perfectly capable.

> The sadmind daemon is installed by default on most default
> installations of Solaris.

And unfortunately I'd wager that 98% of installed systems are default. Pity. Despite the YEARS of security people trying to hammer home the concept, few admins bother to strip their boxes of EVERYTHING that is not specifically, absolutely necessary. Will it ever end?

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Sep 22 2003 - 03:54:58 PDT