Sun eliminates critical vulnerabilities in Solaris 8 and 9
Sun Microsystems has published patches for Solaris 8 and 9 to eliminate multiple critical vulnerabilities in sadmind (Solstice AdminSuite Daemon). The sadmind daemon enables distributed system administration operations within the Solstice AdminSuite collection of applications. The reported cause is heap and integer overflows when crafted Remote Procedure Call (RPC) packets are processed. Attackers can exploit this remotely (although, as a rule, only on the LAN) to execute commands with root rights.
Both the SPARC and x86 versions are affected. Solaris 10 and OpenSolaris are not vulnerable, because sadmind is not supplied with them. The command grep sadmind /etc/inet/inetd.conf shows whether sadmind is active on the system. As an alternative to applying the patches, users can disable sadmind. Instructions for doing so are given in Sun's report.
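The grep above also matches an entry that has already been commented out, so the following added example (not from Sun's or Secunia's report) checks an inetd.conf-style file for sadmind entries that are actually active. The sample configuration files are constructed here; the file path is a parameter.

```shell
#!/bin/sh
# Added example: report whether sadmind is enabled in an inetd.conf-style file.
# A plain grep also matches commented-out entries, so this check drops lines
# whose first non-blank character is '#'. Prints the active entry if found.
# Returns 0 if sadmind is active, 1 if it is disabled or absent.
sadmind_active() {
    conf="$1"
    # Strip leading whitespace, drop comment lines, keep lines naming sadmind.
    match=$(sed -e 's/^[[:space:]]*//' -e '/^#/d' "$conf" | grep sadmind || true)
    if [ -n "$match" ]; then
        printf 'sadmind is ACTIVE in %s:\n%s\n' "$conf" "$match"
        return 0
    fi
    printf 'sadmind is not active in %s\n' "$conf"
    return 1
}

# Constructed sample files (not real system configuration).
CONF_ON=$(mktemp)
CONF_OFF=$(mktemp)
trap 'rm -f "$CONF_ON" "$CONF_OFF"' EXIT

cat > "$CONF_ON" <<'EOF'
# Solstice AdminSuite daemon (constructed sample, entry enabled)
100232/10 tli rpc/udp wait root /usr/sbin/sadmind sadmind
EOF

cat > "$CONF_OFF" <<'EOF'
# sadmind disabled by commenting out the entry (constructed sample)
   #100232/10 tli rpc/udp wait root /usr/sbin/sadmind sadmind
EOF

sadmind_active "$CONF_ON"
sadmind_active "$CONF_OFF" || true
```

On a live system the function would be called with /etc/inet/inetd.conf instead of the constructed files.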
Security service provider Secunia told Sun about the vulnerabilities as long ago as last October.
- Multiple Vulnerabilities in the Solaris 8 and 9 sadmind(1M) Daemon May Lead to Arbitrary Code Execution, report by Sun
- Sun Solaris "sadmind" Integer Overflow Vulnerability, report by Secunia