The RAZOR Security Team Sponsored by BindView





VLAD The Scanner

Vulnerability Information

6. sadmind and mountd 

Sadmind allows remote administration access to Solaris systems providing a graphical interface to system administration functions.  Mountd contorols access to NFS mounts on UNIX hosts.

Versions Effected:  

sadmind - Sun Solaris 7.0_x86, Sun Solaris 7.0, Sun Solaris 2.6_x86, Sun Solaris 2.6, Sun Solaris 2.5.1_x86, Sun Solaris 2.5.1_ppc, Sun Solaris 2.5.1, Sun Solaris 2.5_x86, Sun Solaris 2.5

mountd - Caldera OpenLinux Standard 1.2, RedHat Linux 5.1, Standard & Poors ComStock 4.2.4, RedHat Linux 5.0, RedHat Linux 4.2, 
RedHat Linux 4.1, RedHat Linux 4.0, RedHat Linux 3.0.3, RedHat Linux 2.1, RedHat Linux 2.0

CVE Entry: CVE-1999-0977 (sadmind), CVE-1999-0002 (mountd)

Details: Both of these applications are vulnerable to buffer overflows that allow for root compromise.

Recommendations: If possible these services should be disabled or removed on any machines exposed to the Internet.  It is also a good idea to install the latest patches for each service.

Additional Information:  

http://www.cert.org/advisories/CA-99-16-sadmind.html

http://www.cert.org/advisories/CA-99-12-amd.html

http://www.sans.org/topten.htm

 



Contact: info@razor.bindview.com | | Bindview Home