10 matches found
CVE-2003-0722
The default installation of sadmind on Solaris uses weak authentication AUTHSYS, which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets...
Unauthorized Solaris sadmind access
It's possible to bypass authentication process by sequence of specially crafted RPC calls...
Solaris Sadmind - Default Configuration Remote Code Execution
!/usr/bin/perl -w Title: rootdown.pl Purpose: Solaris Remote command executiong via sadmind Author: H D Moore hdm at metasploit.com Copyright: Copyright C 2003 METASPLOIT.COM use strict; use POSIX; use IO::Socket; use IO::Select; use Getopt::Std; my $VERSION = "1.0"; my %opts; getopts"h:p:c:r:iv"...
Solaris sadmind AUTH_SYS Credential Remote Command Execution
The remote host is running the sadmind RPC service. It is possible to misuse this service to execute arbitrary commands on this host as root. C Tenable Network Security, Inc. Greatly improved by H D Moore include"compat.inc"; if description scriptid11841; scriptversion"1.34"; scriptcvsdate"Date:...
Solaris sadmind Remote Buffer Overflow Exploit
Exploit for solaris platform in category remote exploits ============================================== Solaris sadmind Remote Buffer Overflow Exploit ============================================== /\ Super Solaris sadmin Exploit by optyx based on sadminsparc. and sadminx86.c by Cheez Whiz /...
Solaris sadmind - Remote Buffer Overflow
Solaris sadmind - Remote Buffer Overflow /\ Super Solaris sadmin Exploit by optyx based on sadminsparc. and sadminx86.c by Cheez Whiz / include include include include include char shellsparc = "\x20\xbf\xff\xff\x20\xbf\xff\xff\x7f\xff\xff\xff" "\x90\x03\xe0\x5c\x92\x22\x20\x10\x94\x1b\xc0\x0f"...
Solaris sadmind - Remote Buffer Overflow
/\ Super Solaris sadmin Exploit by optyx based on sadminsparc. and sadminx86.c by Cheez Whiz / include include include include include char shellsparc = "\x20\xbf\xff\xff\x20\xbf\xff\xff\x7f\xff\xff\xff" "\x90\x03\xe0\x5c\x92\x22\x20\x10\x94\x1b\xc0\x0f"...
Solaris 2.52.5.12.67.0 - sadmind Remote Buffer Overflow (3)
Solaris 2.52.5.12.67.0 - sadmind Remote Buffer Overflow 3 // source: https://www.securityfocus.com/bid/866/info Certain versions of Solaris ship with a version of sadmind which is vulnerable to a remotely exploitable buffer overflow attack. sadmind is the daemon used by Solstice AdminSuite...
CVE-1999-0977
The CVE-1999-0977 entry describes a buffer overflow in the Solaris sadmind daemon (including AdminSuite components) that can be triggered remotely via a NETMGT_PROC_SERVICE request, potentially allowing arbitrary code execution with root privileges. Affected systems run Solaris/SunOS with sadmind...
CVE-1999-0977
Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGTPROCSERVICE request...