In association with heise online

26 May 2009, 11:20

Sun eliminates critical vulnerabilities in Solaris 8 and 9


Sun Microsystems has published patches for Solaris 8 and 9 to eliminate multiple critical vulnerabilities in sadmind (Solstice AdminSuite Daemon). The sadmind daemon enables distributed system administration operations within the Solstice AdminSuite collection of applications. The reported cause is heap and integer overflows when crafted Remote Procedure Call (RPC) packets are processed. Attackers can exploit this remotely (although, as a rule, only on the LAN) to execute commands with root rights.

The versions for SPARC and x86 are affected. Solaris 10 and OpenSolaris are not vulnerable, because sadmind is not supplied with them. The command grep sadmind /etc/inet/inetd.conf shows whether sadmind is active on the system. As an alternative to applying the patches, users can disable sadmind. Instructions for doing so are given in Sun's report.
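A plain grep also matches entries that have already been commented out, so its output still has to be read line by line. The following sketch is an added example, not taken from Sun's report: the function name sadmind_status and the sample inetd.conf lines are constructed for illustration. It reports whether an uncommented sadmind entry is present.

```shell
#!/bin/sh
# sadmind_status [FILE]
# Prints "active" if FILE has an uncommented inetd entry mentioning sadmind,
# "disabled" if sadmind only appears in commented text, and "absent" if it
# does not appear at all. FILE defaults to /etc/inet/inetd.conf.
sadmind_status() {
    conf=${1:-/etc/inet/inetd.conf}
    if [ ! -r "$conf" ]; then
        echo "unreadable"
        return 2
    fi
    awk '
        {
            # Walk the fields left to right and stop at the first comment
            # marker, so "sadmind" inside a comment is not counted as active.
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^#/) break
                if ($i ~ /sadmind/) { active++; next }
            }
        }
        /sadmind/ { commented++ }   # only reached when the match was in a comment
        END {
            if (active)         print "active"
            else if (commented) print "disabled"
            else                print "absent"
        }
    ' "$conf"
}

# Constructed sample (not from a real host): one commented-out sadmind entry
# and one unrelated service.
sample=/tmp/inetd.sample.$$
cat > "$sample" <<'EOF'
ftp stream tcp6 nowait root /usr/sbin/in.ftpd in.ftpd
#100232/10 tli rpc/udp wait root /usr/sbin/sadmind sadmind
EOF
echo "sample file: $(sadmind_status "$sample")"
rm -f "$sample"
```
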

Security service provider Secunia told Sun about the vulnerabilities as long ago as last October.
