Solstice AdminSuite sadmind Buffer Overflow in adm_build_path() Lets Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1021059
SecurityTracker URL: http://securitytracker.com/id?1021059
CVE Reference: CVE-2008-4556
Updated: May 25 2009
Original Entry Date: Oct 15 2008
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Advisory: Sun Alert
Version(s): 8, 9

Description: A vulnerability was reported in Solstice AdminSuite's sadmind. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted data to trigger a stack overflow in the adm_build_path() function and execute arbitrary code on the target system. The code will run with the privileges of the target service.

Solaris 10 does not include sadmind and is not affected.

Adriano Lima reported this vulnerability.

The original advisory is available at:
http://risesecurity.org/advisories/RISE-2008001.txt

Impact: A remote user can execute arbitrary code on the target system.

Solution: The vendor has issued a fix.

SPARC Platform
* Solaris 8 with patch 116455-02 or later
* Solaris 9 with patch 116453-03 or later

x86 Platform
* Solaris 8 with patch 116442-02 or later
* Solaris 9 with patch 116454-03 or later

The vendor's advisory is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-245806-1

Vendor URL: sunsolve.sun.com/search/document.do?assetkey=1-66-245806-1
Cause: Boundary error
Underlying OS: UNIX (Solaris - SunOS)

Message History: None.

Source Message Contents

Date: Tue, 14 Oct 2008 22:37:53 -0400
Subject: Sun Solstice AdminSuite sadmind adm_build_path() Buffer Overflow Vulnerability

http://risesecurity.org/advisories/RISE-2008001.txt
CVE-2008-4556