Solaris SAdmin Client Credentials Remote Administrative Access Vulnerability
The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS) which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.
- Sun Solaris 8
- Sun Solaris 9
- Sun Solaris 7