Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - Continuous multi-exploit scanning / Sadmind exploit InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Continuous multi-exploit scanning / Sadmind exploit

Published: 2004-04-05
Last Updated: 2004-04-05 22:25:21 UTC
by Pedro Bueno (Version: 1)
0 comment(s)
Continuous multi-exploit scanning

Still receiving reports about multi-exploit bot or worm scanning various different ports: 1025, 135, 139, 2745, 3127, 445, 6129, 80, 8080.
References: http://isc.sans.org/diary.php?date=2004-04-01
Mailbag

We received a report about a solaris machine that was compromised by the recent sadmind vulnerability. In SUN's advisory about this flaw, it states that versions 7 and 8 including trusted versions, and version 9 are vulnerable, but that previous versions shipped with sadmind are also vulnerable.

The user had version 2.6 and states that the machine had the latest and greatest security patches from SUN, so he didnt take the mitigation steps from the advisory. Also SUN apparently only released patches for versions 7,8 (including trusted) and 9.
Even that you dont have Solaris version 7,8 (including trusted) or 9, you should carefully read the advisory and use the proper workaround suggestion.
References: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F56740&zone_32=sadmind
---------------------------------------------------------

Handlers on Duty: Pedro Bueno (bueno_AT_ieee.org)
Keywords:
0 comment(s)
Diary Archives