[25] in Security FYI
new security hole found in sadmind program
daemon@ATHENA.MIT.EDU (mhpower@MIT.EDU)
Fri Dec 10 16:53:14 1999
From: mhpower@MIT.EDU
Date: Fri, 10 Dec 1999 16:53:05 -0500
Message-Id: <199912102153.QAA03195@the-oz.mit.edu>
To: security-fyi@MIT.EDU
Reply-To: net-security@MIT.EDU
A security problem has recently been found in the Unix sadmind (system
administration daemon) -- the problem can allow intruders to break in
to your computer remotely, gaining root access immediately in most
cases. This is believed to affect Solaris systems including those
running Solaris 2.6 and Solaris 7. Solaris systems using the Athena
software are also likely affected. It is possible that the issue also
affects some non-Solaris Unix systems. Please check your Unix systems
for the presence of an sadmind entry in inetd.conf, and disable the
program if it exists. For more information about reconfiguring your
computers to eliminate this new security problem, see
http://web.mit.edu/net-security/www/fyi/fyi-1999-005-sadmind.html
Matt Power
Network Security team, MIT Information Systems
