Continuous multi-exploit scanning / Sadmind exploit
Continuous multi-exploit scanning
We are still receiving reports of a multi-exploit bot or worm scanning a range of ports: 1025, 135, 139, 2745, 3127, 445, 6129, 80, 8080.
References: http://isc.sans.org/diary.php?date=2004-04-01
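An added example, not part of the original diary: one way to spot this pattern in your own firewall logs is to flag any source that probes several of the ports listed above. The iptables-style key=value log format, the sample lines and the threshold of four distinct ports are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Ports listed in the diary entry above.
WATCHED_PORTS = frozenset({1025, 135, 139, 2745, 3127, 445, 6129, 80, 8080})

# Assumed log format: iptables-style key=value fields (SRC=, PROTO=, DPT=).
FIELD_RE = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
Apr  2 10:00:01 fw DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=4101 DPT=135
Apr  2 10:00:01 fw DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=4102 DPT=445
Apr  2 10:00:02 fw DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=4103 DPT=2745
Apr  2 10:00:02 fw DROP SRC=203.0.113.7 DST=192.0.2.11 PROTO=TCP SPT=4104 DPT=445
Apr  2 10:00:03 fw DROP SRC=203.0.113.7 DST=192.0.2.11 PROTO=TCP SPT=4105 DPT=3127
Apr  2 10:00:03 fw DROP SRC=203.0.113.7 DST=192.0.2.11 PROTO=TCP SPT=4106 DPT=6129
Apr  2 10:00:05 fw ACCEPT SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=5300 DPT=80
Apr  2 10:00:06 fw ACCEPT SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=5301 DPT=8080
Apr  2 10:00:07 fw DROP SRC=198.51.100.99 DST=192.0.2.10 PROTO=TCP SPT=6000 DPT=22
Apr  2 10:00:08 fw DROP SRC=198.51.100.99 DST=192.0.2.10 PROTO=UDP SPT=6001 DPT=135
Apr  2 10:00:09 fw DROP SRC=198.51.100.99 DST=192.0.2.10 PROTO=TCP truncated
"""

def parse_line(line):
    """Return (src, dport) for a TCP log line, or None if it cannot be parsed."""
    fields = dict(FIELD_RE.findall(line))
    if fields.get("PROTO") != "TCP" or "SRC" not in fields:
        return None
    try:
        return fields["SRC"], int(fields["DPT"])
    except (KeyError, ValueError):  # missing or non-numeric destination port
        return None

def multi_port_scanners(lines, min_ports=4):
    """Map each source to the watched ports it probed, if it hit >= min_ports."""
    seen = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed and parsed[1] in WATCHED_PORTS:
            seen[parsed[0]].add(parsed[1])  # count distinct ports, not packets
    return {s: sorted(p) for s, p in seen.items() if len(p) >= min_ports}

if __name__ == "__main__":
    for src, ports in multi_port_scanners(SAMPLE_LOG.splitlines()).items():
        print(f"{src} probed {len(ports)} watched ports: {ports}")
```

Counting distinct ports per source rather than packets keeps an ordinary web client that only touches 80 and 8080 below the threshold.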
Mailbag
We received a report about a Solaris machine that was compromised through the recent sadmind vulnerability. SUN's advisory on this flaw states that versions 7 and 8 (including the trusted versions) and version 9 are vulnerable, but also that previous versions shipped with sadmind are vulnerable.
The user had version 2.6 and states that the machine had the latest and greatest security patches from SUN, so he didn't take the mitigation steps from the advisory. Also, SUN apparently only released patches for versions 7, 8 (including trusted) and 9.
Even if you don't have Solaris version 7, 8 (including trusted) or 9, you should carefully read the advisory and apply the suggested workaround.
References: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F56740&zone_32=sadmind
---------------------------------------------------------
Handlers on Duty: Pedro Bueno (bueno_AT_ieee.org)