[11503] in bugtraq
Vulnerability in Solaris 2.6. rpc.statd ?
daemon@ATHENA.MIT.EDU (Bob Todd)
Tue Aug 24 20:12:35 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <005c01beebf2$9a993f20$6500a8c0@arc.com>
Date: Sat, 21 Aug 1999 12:31:18 -0400
Reply-To: Bob Todd <todd@home.arc.COM>
From: Bob Todd <toddr@ARC.COM>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
While performing an on-site incident response at
_______, I found several
Solaris-oriented exploit programs including a
statd2.6 (others were calendar
manager, tooltalk, and lockd?). Since there is an
exploit program for statd on
Solaris 2.6, I could conclude that Solaris 2.6
statd is vulnerable to attack. I
have not tried the exploit, but since the machine
was probably compromised
by one of these programs, the threat seems real!!
______________________________________________
Bob and Ann Todd
Advanced Research Corporation
Office: (703) 938-4385
Mobile: (703) 203-0855
www.arc.com
