Sadmind Version


Summary

sadmind, a Solstice administrator support program, can be exploited through a buffer overflow attack. Some patched versions are possibly exploitable as well.

Impact

A remote intruder can execute commands as root if the buffer overflow attack is successful.

The problem

The sadmind program (especially on Solaris 2.4, 2.5.x and 2.6) is exploitable for remote root access. Vulnerable versions are subject to a buffer overflow attack in which a well-crafted pattern could execute arbitrary commands as the root user.

Fix

Other tips

CERT released advisory CA-99-16 on this topic.

CVE Reference(s):