Zero day for Sun Solstice AdminSuite (sadmind)
A zero day disclosure is never a good thing but people need to be beware when it does. A vulnerability resides within a function of the Sun Solstice AdminSuite sadmind, which when properly exploited can lead to remote compromise of the vulnerable system. This information was posted to the Full Disclosure Mailinglist 2 days ago, together with an exploit for Metaploit.
I checked the Sun Security advisories but I couldn't find any information (yet). Disable the port or service if you don't need it or try to shield it if you do. Put an ACL in place. Keep an eye on upcoming advisories for workarounds and patches.
Related posts:
- Microsoft updates security advisory for local exploit for Windows Server
- New browser exploit: Clickjacking
- More public DNS servers getting exploited in the wild (updated)
- GIFAR, JPGAR, DOCAR, what's the deal with the new client side vulnerabilities.
- Another patch round: Oracle, Wordpress, Firefox, ActiveX Killbits Snaphot Viewer
- The next big storm: outdated browsers and plugins
- Patching madness. No rest for the sysadmins.
- Beware. A wide scale attack on Adobe Flash Player (updated)
- Live Flash exploitation though banners on popular websites
- Patch mania, it's not just Patch Tuesday
- Patching, Damned if you do, Damned if you don't
Post a Comment