| Check Point Reference: |
CPAI-2008-238 |
| Date Published: |
5 Nov 2008 |
| Severity: |
High
|
| Last Updated: |
Tuesday 01 January, 2008 |
| Source: |
Secunia Advisory: SA32283 |
| Industry Reference: | CVE-2008-4556
CVE-1999-0977 |
| Protection Provided by: |
|
| Who is Vulnerable? | Sun Solaris 8
Sun Solaris 9 |
| Vulnerability Description |
A vulnerability was reported in Sun Solaris Solstice AdminSuite daemon sadmind. Solstice AdminSuite is a set of applications for distributed system administration. sadmind is a daemon used by SolsticeAdminsuite to control the servers running Sun Solaris operating system. One of the sadmind functions fails to process overly long parameters. Remote attackers could exploit this vulnerability by sending a maliciously crafted request to a vulnerable installation of sadmind. Successful exploitation would allow for arbitrary code execution. |
| Vulnerability Status | The vulnerability has been publicly disclosed. |
| Update/Patch Avaliable | Sun has released patches for this vulnerability:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-245806-1 |
| Vulnerability Details | The vulnerable function does not validate user supplied data when appending it to a stack-based buffer, resulting in a stack-based buffer overflow. |
Feedback