Solaris sadmind Disabled Authentication Vulnerability

Bugtraq ID:	2354
Class:	Configuration Error
CVE:
Remote:	Yes
Local:	No
Published:	Dec 09 1999 12:00AM
Updated:	Apr 18 2006 09:36PM
Credit:	Reported to bugtraq by CERT Coordination Center on Dec 9, 1999
Vulnerable:	Sun SunOS 5.7 _x86 Sun SunOS 5.7 Sun SunOS 5.6 _x86 Sun SunOS 5.6 Sun SunOS 5.5.1 _x86 Sun SunOS 5.5.1 Sun SunOS 5.5 Sun Solaris 2.5.1 _x86 Sun Solaris 2.5.1 Sun Solaris 7.0_x86 Sun Solaris 7.0 Sun Solaris 2.6_x86 Sun Solaris 2.6 Sun Solaris 2.5_x86 Sun Solaris 2.5
Not Vulnerable:

Solaris sadmind Disabled Authentication Vulnerability

Versions of 'sadmind' were shipped with a default of no authentication required. As a result, remote users could access the service and compromise the target system.

Solaris sadmind Disabled Authentication Vulnerability

No exploit is required for this vulnerability.

Solaris sadmind Disabled Authentication Vulnerability

Solution:
The following patches are available in relation to the above problem.

AdminSuite Version Patch ID
__________________ ________
2.3 104468-18 (see Note)
2.3_x86 104469-18 (see Note)

Note: Install patch if AdminSuite is installed. AdminSuite may be installed on SunOS 5.7, 5.6, 5.5.1, 5.5, 5.4 or 5.3.


Sun Solaris 2.6

• Sun 108660-01
  sparc
  http://sunsolve.sun.com


• Sun sadmin patches
  http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-license&n av=pub-patches

Sun Solaris 7.0

• Sun 108662-01
  sparc
  http://sunsolve.sun.com


• Sun sadmin patches
  http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-license&n av=pub-patches

Sun Solaris 2.6_x86

• Sun 108661-01
  x86
  http://sunsolve.sun.com


• Sun sadmin patches
  http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-license&n av=pub-patches

Sun Solaris 2.5

• Sun 108656-01
  sparc
  http://sunsolve.sun.com


• Sun sadmin patches
  http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-license&n av=pub-patches

Sun Solaris 7.0_x86

• Sun 108663-01
  x86
  http://sunsolve.sun.com


• Sun sadmin patches
  http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-license&n av=pub-patches

Sun Solaris 2.5_x86

• Sun 108657-01
  x86
  http://sunsolve.sun.com


• Sun sadmin patches
  http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-license&n av=pub-patches

Sun Solaris 2.5.1 _x86

• Sun 108659-01
  x86
  http://sunsolve.sun.com


• Sun sadmin patches
  http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-license&n av=pub-patches

Sun Solaris 2.5.1

• Sun 108658-01
  sparc
  http://sunsolve.sun.com


• Sun sadmin patches
  http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-license&n av=pub-patches

Sun SunOS 5.5.1 _x86

• Sun sadmin patches
  http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-license&n av=pub-patches

Sun SunOS 5.6 _x86

• Sun sadmin patches
  http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-license&n av=pub-patches

Sun SunOS 5.6

• Sun sadmin patches
  http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-license&n av=pub-patches

Sun SunOS 5.7 _x86

• Sun sadmin patches
  http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-license&n av=pub-patches

Sun SunOS 5.7

• Sun sadmin patches
  http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-license&n av=pub-patches

Solaris sadmind Disabled Authentication Vulnerability

References: