Continuous multi-exploit scanning / Sadmind exploit
Continuous multi-exploit scanning

We are still receiving reports of a multi-exploit bot or worm scanning a range of different ports: 1025, 135, 139, 2745, 3127, 445, 6129, 80, 8080.
References: http://isc.sans.org/diary.php?date=2004-04-01
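
To check your own perimeter logs for this pattern, the sketch below flags any source that probes several of the ports listed above. It is an added example, not part of the original diary; the log line format, the `min_ports` threshold and the sample addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Ports listed in this diary entry as targets of the multi-exploit scanning.
SCANNED_PORTS = {1025, 135, 139, 2745, 3127, 445, 6129, 80, 8080}

# Assumed (constructed) log format: "<time> DROP TCP <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) DROP TCP (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample data; all addresses are from documentation ranges.
SAMPLE_LOG = """\
2004-04-02T10:00:01 DROP TCP 192.0.2.10:4001 -> 198.51.100.5:135
2004-04-02T10:00:01 DROP TCP 192.0.2.10:4002 -> 198.51.100.5:139
2004-04-02T10:00:02 DROP TCP 192.0.2.10:4003 -> 198.51.100.5:445
2004-04-02T10:00:02 DROP TCP 192.0.2.10:4004 -> 198.51.100.6:1025
2004-04-02T10:00:03 DROP TCP 192.0.2.10:4005 -> 198.51.100.6:2745
2004-04-02T10:00:03 DROP TCP 192.0.2.10:4006 -> 198.51.100.6:3127
2004-04-02T10:01:10 DROP TCP 192.0.2.77:5100 -> 198.51.100.5:80
2004-04-02T10:01:11 DROP TCP 192.0.2.77:5101 -> 198.51.100.5:80
2004-04-02T10:01:12 DROP TCP 192.0.2.77:5102 -> 198.51.100.5:8080
2004-04-02T10:02:00 DROP TCP 203.0.113.9:6000 -> 198.51.100.5:22
2004-04-02T10:02:01 DROP TCP 203.0.113.9:6001 -> 198.51.100.5:25
this line is not in the expected format
"""


def find_multi_port_scanners(log_text, min_ports=4):
    """Return {source: sorted ports} for sources probing >= min_ports listed ports."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines in other formats
        dport = int(m.group("dport"))
        if dport in SCANNED_PORTS:
            # A set counts distinct ports, so repeated hits on port 80 count once.
            seen[m.group("src")].add(dport)
    return {
        src: sorted(ports) for src, ports in seen.items() if len(ports) >= min_ports
    }


if __name__ == "__main__":
    for src, ports in find_multi_port_scanners(SAMPLE_LOG).items():
        print(f"{src} probed {len(ports)} listed ports: {ports}")
```

Counting distinct ports per source, rather than raw hits, keeps ordinary repeated traffic to a single port such as 80 from being flagged.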
Mailbag

We received a report about a Solaris machine that was compromised through the recent sadmind vulnerability. Sun's advisory about this flaw states that versions 7 and 8 (including the trusted versions) and version 9 are vulnerable, but that previous versions shipped with sadmind are also vulnerable.

The user had version 2.6 and states that the machine had the latest and greatest security patches from Sun, so he didn't take the mitigation steps from the advisory. Sun also apparently released patches only for versions 7, 8 (including trusted) and 9.
Even if you don't run Solaris version 7, 8 (including trusted) or 9, you should carefully read the advisory and apply the appropriate workaround it suggests.
References: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F56740&zone_32=sadmind
---------------------------------------------------------

Handlers on Duty: Pedro Bueno (bueno_AT_ieee.org)