| VID |
17042 |
| Severity |
40 |
| Port |
111 |
| Protocol |
TCP,UDP |
| Class |
RPC |
| Detailed Description |
Admind or sadmind is running on the machine. By default, admind runs in an insecure SYS mode. If admind is insecure, an attacker can obtain access to it and change the password file.
If this vulnerability was flagged and admind or sadmind are not running, then you will need to run rpcinfo on the vulnerable system. According to RFC 1700, the correct RPC numbers for admind and sadmind are:
admind = 100087
sadmind = 100232
Solaris is the only Unix platform that uses admind or sadmind. Another OS could show up vulnerable if the above RPC numbers are being used by another service. If this is the case, you will need to change the RPC numbers to reflect the standards as defined in RFC 1700.
* References:
http://www.cert.org/advisories/CA-99-16-sadmind.html
http://www.iss.net/security_center/static/3688.php
http://www.kb.cert.org/vuls/id/28934 |
| Recommendation |
Disable the 'sadmind' rpc service if it's not needed, or use it after asking to the vendor whether not to be vulnerable. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
