Hi

> Alfred,
>
> The exploit has been sent to Sun and is currently under inspection. When
> it is publicly available it will be posted to Bugtraq and to the
> SecurityFocus.com Vuldb.

true, but not via the proper channels until recently :-(

> If someone else posts this vulnerability to the
> list, we will of course allow it.

:-) ;^}

> Workaround:
>
> Unless you require sadmin (if you're using the Solstice AdminSuite you do)
> we suggest you comment sadmind out from your /etc/inetd.conf entry.
>
> By default, the line in /etc/inetd.conf that starts sadmind appears as
> follows:
>
> 100232/10 tli rpc/udp wait root /usr/sbin/sadmind sadmind
>
> If you do require this service we suggest you block all access to it from
> external networks via filtering rulesets on your router(s) or Firewall(s).

You missed a couple other things that will help. Tcp_wrappers on the service,
running 'sadmind -S2' and setting the stack to "noexec_user_stack =1" via /etc/system

(from the titan module that does this)

* Don't allow executing code on the stack
*set noexec_user_stack = 1
* And log it when it happens.
*set noexec_user_stack_log = 1
set nfssrv:nfs_portmon = 1

============================================================================
Brad Powell : bradat_private (WORK: brad.powellat_private)
Sr. Network Security Architect
Sun Microsystems Inc.
============================================================================
The views expressed are those of the author and may not reflect
the views of Sun Microsystems Inc.
============================================================================
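A way to check a host for the mitigations named in this message, as an added example that is not part of the original post or of the titan module. The function names, the file arguments and the acceptance of "-S 2" as well as "-S2" are assumptions; the sample files are constructed.

```shell
# Added example (not from the original post): audit the sadmind mitigations above.

# sadmind_state FILE: "disabled", "enabled-S2" or "enabled-weak" for the active
# inetd.conf entries of RPC program 100232 (sadmind).
sadmind_state() {
    awk '
        /^[ \t]*#/ { next }                    # commented-out entry is inactive
        $1 ~ /^100232\// {
            found = 1
            if ($0 !~ /-S[ \t]*2([ \t]|$)/) weak = 1
        }
        END { print (!found ? "disabled" : (weak ? "enabled-weak" : "enabled-S2")) }
    ' "$1"
}

# system_setting FILE NAME: value of the last active "set NAME = value" line.
# In /etc/system a line starting with "*" is a comment, so "*set ..." is inert.
system_setting() {
    awk -v name="$2" '
        /^[ \t]*\*/ { next }
        $1 == "set" {
            line = $0
            sub(/^[ \t]*set[ \t]+/, "", line)
            if (split(line, kv, "=") != 2) next
            gsub(/[ \t]/, "", kv[1]); gsub(/[ \t]/, "", kv[2])
            if (kv[1] == name) val = kv[2]
        }
        END { if (val != "") print val }
    ' "$1"
}

# audit INETD_CONF SYSTEM_FILE: print findings; non-zero status if anything is weak.
audit() {
    rc=0
    state=$(sadmind_state "$1"); echo "sadmind: $state"
    [ "$state" != "enabled-weak" ] || rc=1
    for s in noexec_user_stack noexec_user_stack_log; do
        v=$(system_setting "$2" "$s"); echo "$s: ${v:-unset}"
        [ "$v" = "1" ] || rc=1
    done
    return $rc
}

# Constructed sample input: default sadmind entry, one stack setting commented out.
d=$(mktemp -d)
printf '100232/10 tli rpc/udp wait root /usr/sbin/sadmind sadmind\n' > "$d/inetd.conf"
printf '*set noexec_user_stack = 1\nset noexec_user_stack_log = 1\n' > "$d/system"
audit "$d/inetd.conf" "$d/system" || echo "result: hardening incomplete"
rm -rf "$d"
```

On a real host the two arguments would be /etc/inetd.conf and /etc/system; changes to /etc/system take effect only after a reboot.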
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:19:48 PDT