Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:ABD66C04E324863C1DA1BABBC33F16D2
HistoryJan 09, 2006 - 12:00 a.m.

sadmind AUTH_SYS authentication vulnerability

2006-01-0900:00:00
SAINT Corporation
my.saintcorporation.com
14

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.969

Percentile

99.7%

JSON

Added: 01/09/2006
CVE: CVE-2003-0722
BID: 8615
OSVDB: 4585

Background

**sadmind** is a service which coordinates distributed system administration operations remotely. The Sun Solstice AdminSuite runs **sadmind** with the **AUTH_SYS** authentication method by default.

Problem

The **sadmind** running with the **AUTH_SYS** authentication method allows remote attackers to execute arbitrary commands.

Resolution

If the **sadmind** service is not needed, disable it service by commenting the line beginning with “100232” out of **/etc/inetd.conf**, and restarting the inetd process. Otherwise, install the patches referenced in Sun Alert 56740.

References

<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=6&gt;

Platforms

SunOS

Related

metasploit 1
nessus 1
cve 1
saint 3
securityvulns 1
exploitdb 2
nvd 1
canvas 1
packetstorm 1
cvelist 1
seebug 1
cert 1
metasploit
metasploit
Solaris sadmind Command Execution
2008-04-04 21:15:55
nessus
nessus
Solaris sadmind AUTH_SYS Credential Remote Command Execution
2003-09-19 00:00:00
cve
cve
CVE-2003-0722
2003-09-22 04:00:00
saint
saint
sadmind AUTH_SYS authentication vulnerability
2006-01-09 00:00:00
sadmind AUTH_SYS authentication vulnerability
2006-01-09 00:00:00
sadmind AUTH_SYS authentication vulnerability
2006-01-09 00:00:00
securityvulns
securityvulns
[UNIX] Remote Root Exploitation of Default Solaris sadmind Setting
2003-09-16 00:00:00
exploitdb
exploitdb
Solaris Sadmind - Command Execution (Metasploit)
2010-06-22 00:00:00
Solaris Sadmind - Default Configuration Remote Code Execution
2003-09-19 00:00:00
nvd
nvd
CVE-2003-0722
2003-09-22 04:00:00
canvas
canvas
Immunity Canvas: SADMIND
2003-09-22 04:00:00
packetstorm
packetstorm
Solaris sadmind Command Execution
2009-10-28 00:00:00
cvelist
cvelist
CVE-2003-0722
2003-09-17 04:00:00
seebug
seebug
Solaris 7 8 9 sadmind RPC Command Execution
2010-01-10 00:00:00
cert
cert
Sun Solstice AdminSuite ships with insecure default configuration
2003-09-19 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.969

Percentile

99.7%

JSON
Related for SAINT:ABD66C04E324863C1DA1BABBC33F16D2
metasploit1nessus1cve1saint3securityvulns1exploitdb2nvd1canvas1packetstorm1cvelist1seebug1cert1