Executive Summary

Summary
Title Sun Alert 245806 A Buffer Overflow Security Vulnerability in the Solaris sadmind(1M) Daemon May Lead to Execution of Arbitrary Code
Information
Name SUN-245806 First vendor Publication 2008-11-14
Vendor Sun Last vendor Modification 2009-05-22
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
Impact SubScore NA Temporal Score NA
Exploitability Sub Score NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Exploit Score 10 Authentication None Required

Detail

Product: Solaris 8 Operating System Solaris 9 Operating System

A buffer overflow security vulnerability in the Solaris sadmind(1M) daemon may allow a local or remote unprivileged user to execute arbitrary code with root privileges.

Sun acknowledges with thanks, Adriano Lima of RISE security for bringing this issue to our attention.

This issue is described in the following documents:


State: Resolved
First released: 14-Nov-2008

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_245806_a_buffer

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5543
 
Oval ID: oval:org.mitre.oval:def:5543
Title: A Buffer Overflow Security Vulnerability in the Solaris sadmind(1M) Daemon May Lead to Execution of Arbitrary Code
Description: Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4556
Version: 3
Platform(s): Sun Solaris 8
Sun Solaris 9
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Os 4

Open Source Vulnerability Database (OSVDB)

Id Description
49111 Sun Solstice AdminSuite on Solaris sadmind adm_build_path Function Remote Ove...

A buffer overflow exists in Solstice AdminSuite. sadmind fails to validate data passed to the adm_build_path function resulting in a stack overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Information Assurance Vulnerability Management (IAVM)

Date Description
2009-05-28 IAVM : 2009-T-0028 - Multiple Buffer Overflow Vulnerabilities in Sun Solaris
Severity : Category II - VMSKEY : V0019230

Snort® IPS/IDS

Date Description
2014-01-10 portmap Solaris sadmin udp adm_build_path overflow attempt
RuleID : 16449 - Revision : 4 - Type : PROTOCOL-RPC
2014-01-10 portmap Solaris sadmin tcp adm_build_path overflow attempt
RuleID : 16448 - Revision : 5 - Type : PROTOCOL-RPC
2014-01-10 Solaris UDP portmap sadmin request attempt
RuleID : 16447 - Revision : 9 - Type : PROTOCOL-RPC
2014-01-10 portmap Solaris sadmin tcp request
RuleID : 16446 - Revision : 6 - Type : PROTOCOL-RPC

Nessus® Vulnerability Scanner

Date Description
2004-07-12 Name : The remote host is missing Sun Security Patch number 116455-01
File : solaris8_116455.nasl - Type : ACT_GATHER_INFO
2004-07-12 Name : The remote host is missing Sun Security Patch number 116442-01
File : solaris8_x86_116442.nasl - Type : ACT_GATHER_INFO
2004-07-12 Name : The remote host is missing Sun Security Patch number 116453-03
File : solaris9_116453.nasl - Type : ACT_GATHER_INFO
2004-07-12 Name : The remote host is missing Sun Security Patch number 116454-03
File : solaris9_x86_116454.nasl - Type : ACT_GATHER_INFO