Solaris Flaw Leaves Machines Open to Attacks
A serious security flaw in several versions of Solaris and Trusted Solaris makes it possible for virtually any remote or local user to gain root privileges on a vulnerable machine.There is a serious security flaw in several versions of both Solaris and Trusted Solaris that make it possible for virtually any remote or local user to gain root privileges on a vulnerable machine. There is also a working exploit for this vulnerability circulating in the security community. The problem lies in the Solstice AdminSuite, a set of tools Sun Microsystems Inc. includes with the operating system that allows administrators to perform remote administration tasks. The tool set uses the sadmind daemon to execute these tasks. The daemon by default uses a weak authentication scheme, which allows an attacker to send a series of special Remote Procedure Call (RPC) packets to the daemon and forge a clients identity, according to an advisory on the flaw published Tuesday by iDefense Inc., in Reston, Va.
Once this is accomplished, the attacker can do whatever he chooses on the compromised machine.