Note: This is an archival copy of Security Sun Alert 259468 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020498.1.
Solaris 8 Operating System
Solaris 9 Operating System
Date of Resolved Release
Multiple Vulnerabilities in the Solaris 8 and 9 sadmind(1M) Daemon May Lead to Arbitrary Code Execution
On Solaris 8 and 9 heap and integer overflow vulnerabilities in the Solaris sadmind(1M) daemon
Sun acknowledges with thanks Secunia Research for bringing these issues to our attention.
These issues are also described in the following documents:
CVE-2008-3869 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3869
2. Contributing Factors
These issues can occur in the following releases:
Note: Solaris 10 and OpenSolaris do not ship with sadmind(1M) and therefore are not affected by these issues.
$ grep sadmind /etc/inet/inetd.conf
There are no predictable symptoms that would indicate these issues have been exploited to execute arbitrary code.
To work around these issues, sadmind(1M) can be disabled by doing the following:
#100232/10 tli rpc/udp wait root /usr/sbin/sadmind sadmind
# /usr/bin/pkill -HUP inetd
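The check and workaround above, combined into two shell functions as an added example (not part of the original Sun Alert). It assumes a POSIX shell and an inetd.conf entry shaped like the one quoted above; the function names sadmind_enabled and sadmind_disable are hypothetical.

```shell
#!/bin/sh
# Added example, not from the Sun Alert. Assumes a POSIX shell and that
# sadmind is started from inetd.conf by a line like the one in the alert.

# Return 0 if FILE still has an active (uncommented) sadmind entry.
sadmind_enabled() {
    grep -v '^[[:space:]]*#' "$1" | grep sadmind >/dev/null
}

# Comment out every active sadmind entry in FILE, saving the original as
# FILE.bak. Prints how many lines were changed. Lines that are already
# commented are skipped, so a second run changes nothing.
sadmind_disable() {
    conf=$1
    # grep -c exits non-zero when it counts 0 matches; "|| true" keeps the count.
    count=$(grep -v '^[[:space:]]*#' "$conf" | grep -c sadmind || true)
    if [ "$count" -gt 0 ]; then
        cp -p "$conf" "$conf.bak" || return 1
        # Prefix '#' only on lines that do not already start with one.
        sed '/^[[:space:]]*#/!s/^.*sadmind/#&/' "$conf.bak" > "$conf" || return 1
    fi
    echo "$count"
}

# Typical use on an affected host (as root), followed by the alert's HUP step
# so that inetd rereads its configuration:
#   sadmind_disable /etc/inet/inetd.conf && /usr/bin/pkill -HUP inetd
#   sadmind_enabled /etc/inet/inetd.conf || echo "sadmind is disabled"
```
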
These issues are addressed in the following releases:
For more information on Security Sun Alerts, see