New Search

Solaris SAdmin Client Credentials Remote Administrative Access Vulnerability

oval:org.mitre.oval:def:1273

The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS) which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Sun Solaris 8
  • Sun Solaris 9
  • Sun Solaris 7
Class:
vulnerability
Reference(s):
  • CVE-2003-0722
Product(s):
  • Sadmin