The Virtual Soldier Program seeks to establish a new capability that will revolutionize medical care to support the soldier. The program will create the mathematical modeling approaches to develop an information (computational) representation of an individual soldier (a holographic medical electronic representation or holomer) that can be used to augment medical care on and off the battlefield with a new level of integration. This virtual soldier will be based upon a highly complex model that is derived from biologically driven principles and populated with properties that are extracted from evidence-based data. The initial Phase 1 effort will consist of a two-component, three-dimensionally displayed model: (1) An organ-tissue system model component, and (2) a properties level model component. Once derived, the virtual soldier will provide multiple capabilities, including but not limited to automatic diagnosis of battlefield injuries, prediction of soldier performance, testing and evaluation of non-lethal weapons, and virtual clinical trials.
The SCO Soldier Program seeks to scan source codes and find the printf function on those lines of codes and report them back to its owner. Using covert tactics and illicit (possibly) illegal methods, the SCO Soldier can then automate fascimile transmissions of source code to a database which can then quantum generate subpoenas on the fly.
With the speed rate of over 2billion lines of code per minute, the SCO soldier can quickly misconstrue every line of code for pseudo-authenticity and create a manically broad worded asinine report which sounds great on the outside but is actually empty on the inside.
SCO Soldier not available in Open Source and will be licensed to someone who is willing to be sued immediately afterwards in efforts to ensure that SCO Soldier is functioning properly and generating frivolous lawsuits.
I have a very strong erectile disfunction and have been using viagra.h of which I recall writing myself, and I think that at least the 4 or so inches I have differ from the original 8 or so I had when I was younger.
I have this distinct memory of once using penis.c never thinking it would fail which is why I originally coded viagra.h for all of us SCUM groupsters to use when dealing with sockets and the vaginal programming language.
Ok not to sound mean but aside from niche markets why would someone want to take BeOS serious, and I'm asking this as if I were a CTO'ish person. For one, with all the garbage being funneled into things *Open Source* by companies like SC(um)O and Mickeysoft, the entire *Open* anything is something I would (if I were purhasing) stay away from until the smoke clears.
Now I'm not saying BeOS is garbage in fact I have an older cd lying around somewhere, and it's pretty neat, but why (aside from geekiness) would I want to look to BeOS when there is so much confusion going on as is in the Open Source community for one, secondly it would have to mean I would have to take a backseat and chop up tons of code to get other programs I use frequently -- that are ported to other implementations of *nix (bsd/linux) -- to work on the BeOS machine. Meaning, if I downloaded just about any distro of BSD or Linux, I am almost certain I could get most 3rd party packages/ports to work, in BeOS (and yes I am assuming here) it's more than likely I would either have to wait or redo some code, so its not an option for me since I have no time.
Really I think its nice but nothing more than a hobby, I wish more developers however would come together under one roof and make he all-in-one super-ninja-hop-chop-socky OS without one having to wonder if a) there is support, b) it's cross `distro-able`/`platform-able`, etc.
Many smarter people than me wasted their time trying to argue with you and all have wasted their breathe. I on the other hand am taking this one step further right now and calling you out for a celebrity source code death match to see who can code hello world faster. You can continue to ignore the SCUM Group all you want but eventually we will catch up with you and give you an atomic wedgie so far up your ass you'll be shitting printf for eons.
Your ramblings are like you claiming that, someone broke into your Calvin Clone boxer shorts and made your penis shrink to the size of your brain and now you have to spoil it for the Open Source community with your constant stream of lawsuits of which, no one but yourself can understand.
As Bush would say, "Your strategery has greatfulnessly misundersestimated the force", that force is Open Source you punk ass media whore. SCUM group acknowledges our acts of moronicy as a ploy to liven up the scenario. You on the other hand, have created with your Jerry Springer'ish mumblings, a laughing stock of those who have worked hard and brought Open Source out of the darkened states where it once rested.
Secondly aside from turning this into a serious rambling of my own, let me just state on behalf of all of SCUM you sir suck and shall be receiving one of 436,539,084,760,223,491,853,214,325,213 subpoenas we are currently autogenerating filled with the same nonsense you create.
shit i need to wake up... thanx and doh! but in essence there still isnt anything more than some rfid bs... And I should have known it was the times because of the ugly ass colors they use
Washington Post has their own agendas politically when it comes to reporting. Sure it's pretty shitty to be monitored, but there is nothing stating that any information used was used for anything other than maybe for the sake of having some card manufacturers new card being tested.
Remember intelligence agencies from all over the place keep tabs on each other via other means (ECHELON, HUMINT, OSINT, IMINT, SIGNIT), so I doubt this was anything to be concerned with. Strictly something `chick' to report on. It's far more easier to set up assets to bang (screw/lay/fsck) one of these guys for info, than it would to keep watch of what they do.
User gets in car to go to summit, user's Eazypass or other form of cardpaymentsys tracks what exits he uses via tolls paid. User stops at gasoline station, credit card is used, card information is transmitted. User talks the beltway, cameras capture this. Get the picture? Everyone else sure did. Again other than this being all the rage (RFID's) I doubt it was something major, but surely someone with agendas sees it to be so. When they can produce something absolute that was used with this information, not just 'oh my look at this an RFID story' than I'll worry.
PS... Proof doesn't mean `hey we're the Foobar Newspaper
Let's suppose someone decided to turn around and sue you or something for manipulating their product, something small like this... Could cost you a pretty penny in legal fees. Or... say it takes you what a couple hours, couple of dollars to pull this `hack` off... For what in all honesty other than to say `look what I did`. Come one now... Digital cameras are dirt cheap. Not to rag on the `hacker', but let's get real what true purpose does this serve?
I'm not trying to troll around, nor put anyone's `work' down, but I'm trying to think of any value this may have and sadly I see none. Now had he said something really productive like he hacked the camera to make every pic to be Angelina Jolie, or some other sexpot, then I'd work with him...
What we saw happen with Netscape, Sun, and MS, was sort of a digital cold war. Netscape and Sun focused too much on the enemy instead of themselves which caused them to collapse. Sort of like Russian and the US during the cold war. Sure Microsoft was found in violation and it meant nothing to them then, and little to them now. Considering all the moronic actions society, and law allows MS to heap on them, kudos to MS for laughing all the way to the bank.
Now I know it's trollish to root for MS in any case, and I truly don't but think about it... In any other society this wouldn't have happened. Look at what Russia did to their Yukos oil tycoon when he got too big for his own good... Not to say it's a good thing, but how can those in law turn a blind eye to MS' actions... Paying for the FAT system? Shit I thought the cost would have been included on purchase... Thats like buying a car now to have the dealer come back later and say "Oh by the way we will now charge you for using the engine in your car."
Muttley you snickering floppy eared hound,
When courage is needed, you're never around!
Those medals you wear on your moth-eaten chest,
Should be there for bungling at which you are best!
So, Stop The Pigeon, Stop The Pigeon, Stop The Pigeon, Stop The Pigeon, Stop
The Pigeon, Stop The Pigeon,
Stop that Pigeon
How?
Nab him! Jab him! Tab him! Grab him!
Stop that pigeon
Now!
You Zilly, stop sneaking it's not worth the chance,
For you'll be returned by the seat of your pants!
And Klunk, you invent me a thingamybob,
That catches that pigeon, or I lose my job!
So, Stop The Pigeon, Stop The Pigeon, Stop The Pigeon, Stop The Pigeon, Stop
The Pigeon, Stop The Pigeon
Fully aware of the gravity of the situation, Dick Dastardly and his proud men try to eliminate the pigeon with a feather seeking homing missile.the cartoon
Date Modified: 08-Aug-2003
1. Impact: A local or remote unprivileged user may be able to view root privileged files due to a security vulnerability involving the Solaris kcms_server(1) daemon
Now before you say but thats only viewing files blah blah blah like some troll, ask yourself how easy it would be to leverage this into something more? Wait I know... View unprivileged files? You mean like say.../etc/shadow? No that's thinking too far ahead. No codes available? Sure...ok there are no codes you are so correct.
More of me being a prick? Why not...
Vulnerable systems:
SunOS 5.3 thru 5.9 (Solaris 2.x, 7, 8, 9) (x86)
By sending a sequence of specially crafted Remote Procedure Call (RPC) requests to the sadmind daemon, an attacker can exploit this vulnerability to gain unauthorized root access to a vulnerable system. The sadmind daemon defaults to weak authentication (AUTH_SYS), making it possible for a remote attacker to send a sequence of specially crafted RPC packets to forge the client identity.
After the identity has been successfully forged, the attacker can invoke a feature within the daemon itself to execute a shell as root or, depending on the forged credential, any other valid user of the system. The daemon will execute the program of the attacker's choice; for example, spawning a reverse-network shell back to the attacker for input/output control. Under certain circumstances, a reverse-network shell could allow for the attacker to bypass firewalls and/or filters.
Analysis:
Because the nature of the weakness exists on the application level, successful exploitation does not require the use of machine-specific code, nor does it require any previous knowledge of the target's architecture. Therefore, any local or remote attacker could execute commands as root on a vulnerable system running the sadmind service. By default, sadmind is installed and started at system boot time on most default and fully patched installations of Solaris. While many other vendors rely on SUNRPC related routines from Sun, this design issue is confined to Sun's sadmind authentication implementation in Solaris.
The most inherent threat is if this exploit becomes packaged into a cross-platform worm were it to become publicly available. http://www.securiteam.com/unixfocus/5HP0G1PB6K.htm l
Sorry I took some time I was too busy being a Redhat GNU nazi...
# uname -a
SunOS kungfunix.net 5.9 Pitbull sun4u sparc SUNW,Sun-Fire-480R
bash-2.05a$ uname -a
FreeBSD bubonic.infiltrated.net 4.8-RELEASE-p13 FreeBSD 4.8-RELEASE-p13 #0: Tue Oct 7 01:44:44 EDT 2003 root@fscker.infiltrated.net:/usr/obj/usr/src/sys/B UBONIC i386
-bash-2.05b$ uname -a
FreeBSD daemonically.perfidious.org 4.9-STABLE FreeBSD 4.9-STABLE #1: Thu Nov 6 01:13:52 EST 2003 sil@daemonically.perfidious.org:/usr/obj/usr/src/s ys/DAEMONICALLY alpha
Yea sure... Why not... Sorry but I use WindowsXP (that's right) on my laptop and Sol for my servers, and FreeBSD to fuck around with. This is going to be the last comment I make on this thread, because it literally is boring. And you're right I know nothing of security whatsoever. In fact I don't even know my name there buddy
Boring thread. Just because patches are release doesn't mean everyone is patching. I for one use Sun on sparc boxes but would not use the x86 version. It's a matter of opinion, and choice. If you had the slightest 'clue' you could netcraft my domains to see what I'm using. I've given up the "my penis is bigger than yours", Linux vs. *, or Sun vs. *, or Microsoft is * because it's so tiring.
As for Trusted Solaris, I doubt you've ever used it but if you want an account let me know because I have a blade running it. Your post makes me laugh considering again if you had an inkling of an idea, you would've halted a long time ago with your babbling.
So I restate... I posted what's known (exploits), this does not include code that never makes it out. Certainly you've heard of private exploits there neo haven't you? Did it ever occur to you some people really don't whore shit out and release codes, or work with vendors instead of mail -s "i 4m j33t" bugtraq@securityfocus.com? Give me a break.
Product: Samba 2.2.2 to 2.2.8 Publisher: Sun Microsystems Operating System: Solaris 9 Platform: SPARC i386 Impact: Root Compromise Access Required: Remote http://www.auscert.org.au/render.html?it=3 298&cid=1 ========== Sun(sm) Alert Notification Sun Alert ID: 51884 Synopsis: Security Vulnerability in the Network Services Library, libnsl(3LIB), Affecting rpcbind(1M) Category: Security Product: Solaris BugIDs: 4767276 Avoidance: Workaround, Patch State: Resolved Date Released: 20-Mar-2003, 26-Mar-2003, 28-Apr-2003, 08-May-2003 Date Closed: 08-May-2003 Date Modified: 26-Mar-2003, 28-Apr-2003, 08-May-2003 1. Impact A local or remote unprivileged user may be able to kill rpcbind(1M) due to a security vulnerability in the network services library, libnsl(3LIB). Exploiting this vulnerability may lead to denial of service. Although Sun is not aware of any other applications or services that may be vulnerable to this issue, Sun is continuing to investigate and will update this Sun Alert as needed.
This issue is also described in CERT Vulnerability VU#516825 (see http://www.kb.cert.org/vuls/id/516825) which is referenced in CERT Advisory CA-2003-10 (see http://www.cert.org/advisories/CA-2003-10.html).
Thanks to Riley Hassell of eEye Digital Security and Garry Zacheiss of MIT for reporting this issue.
2. Contributing Factors This issue can occur in the following releases:
x86 Platform Solaris 9 without patch 113719-04 http://www.ncl.ac.uk/ucs/security/local _bulletins/sun/suna.51884.txt ============
I'l l stop because its obvious who has a clue here and who doesn't 7 holes now one thread
* Sun Alert ID: 44309 * Synopsis: Buffer Overflow in cachefsd in Solaris
* Category: Security * Product: Solaris * BugIDs: 4338920 * Avoidance: Workaround, Patch * State: Resolved * Date Released: 30-Apr-2002, 31-May-2002, 02-Apr-2003 * Date Closed: 02-Apr-2003 * Date Modified: 24-May-2002, 31-May-2002, 06-Jan-2003, 02-Apr-2003
1. Impact
Unprivileged local or remote users may be able to gain unauthorized root access due to a buffer overflow in cachefsd.
2. Contributing Factors
This issue can occur in the following releases:
x86 Platform * Solaris 9 without patch 114009-01
3. Symptoms
Failed attempts to exploit the buffer overflow will leave core files in the / directory from cachefsd. In addition, if the file/etc/cachefstab exists it may contain unusual entries. The usual entries are known cache directories, for example,/cachefs/cache0.
* Sun Alert ID: 55680 * Synopsis: Security Vulnerability in the Solaris Runtime Linker ld.so.1(1) * Category: Security * Product: Solaris * BugIDs: 4872634 * Avoidance: Patch * State: Resolved * Date Released: 29-Jul-2003 * Date Closed: 29-Jul-2003 * Date Modified:
1. Impact
An unprivileged local user may be able to gain unauthorized root privileges due to a buffer overflow in the runtime linker ld.so.1(1).
Sun acknowledges with thanks, Jouko Pynnonen (jouko@iki.fi) for bringing this issue to our attention and iDEFENSE Inc. (www.idefense.com) for coordinating the release of this issue.
This issue is described in iDEFENSE Advisory located at: http://www.idefense.com/advisory/07.29.03.txt. 2. Contributing Factors
DOCUMENT ID: 57414 SYNOPSIS: Buffer Overflow Vulnerability in the CDE DtHelp Library May Allow Unauthorized "root" Access https://www.auscert.org.au/render.html?it= 3593&cid=1
============
PROBLEM: A vulnerability exists in the newtask(1) command that may lead to unauthorized root access. PLATFORM: Solaris 9 DAMAGE: If exploited, a local unprivileged user may be able to gain unauthorized root access. SOLUTION: Apply patch or workaround. http://www.ciac.org/ciac/bulletins/n- 069.shtml
========
Product: GNOME 2.0 XScreensaver Publisher: Sun Microsystems Operating System: Solaris Platform: SPARC x86 Impact: Reduced Security Access Required: Existing Account http://www.auscert.org.au/render.html?it= 3487&cid=33
I could go on and give shellcode too but I won't. Know what you're talking about before jumping out there
If you have a few bucks you might want to get an older sparc to try Solaris on. Sol x86 is a security nightmare, and its not the same as using sol under sun's arch. e.g. I run most of my sites on sun boxes, and love it, using x86 sol... Hate it. Definitely not the same if you ask me
Slashdot Mirror
The Virtual Soldier
Program Manager: Dr. Richard Satava
The Virtual Soldier Program seeks to establish a new capability that will revolutionize medical care to support the soldier. The program will create the mathematical modeling approaches to develop an information (computational) representation of an individual soldier (a holographic medical electronic representation or holomer) that can be used to augment medical care on and off the battlefield with a new level of integration. This virtual soldier will be based upon a highly complex model that is derived from biologically driven principles and populated with properties that are extracted from evidence-based data. The initial Phase 1 effort will consist of a two-component, three-dimensionally displayed model: (1) An organ-tissue system model component, and (2) a properties level model component. Once derived, the virtual soldier will provide multiple capabilities, including but not limited to automatic diagnosis of battlefield injuries, prediction of soldier performance, testing and evaluation of non-lethal weapons, and virtual clinical trials.
DARPA
And on another note...
SCO Soldier
Program Team: SCUM Group
The SCO Soldier Program seeks to scan source codes and find the printf function on those lines of codes and report them back to its owner. Using covert tactics and illicit (possibly) illegal methods, the SCO Soldier can then automate fascimile transmissions of source code to a database which can then quantum generate subpoenas on the fly.
With the speed rate of over 2billion lines of code per minute, the SCO soldier can quickly misconstrue every line of code for pseudo-authenticity and create a manically broad worded asinine report which sounds great on the outside but is actually empty on the inside.
SCO Soldier not available in Open Source and will be licensed to someone who is willing to be sued immediately afterwards in efforts to ensure that SCO Soldier is functioning properly and generating frivolous lawsuits.
of which I recall writing myself, and I think that at least the 4 or so inches
I have differ from the original 8 or so I had when I was younger.
I have this distinct memory of once using penis.c never thinking it would
fail which is why I originally coded viagra.h for all of us SCUM groupsters
to use when dealing with sockets and the vaginal programming language.
Penis
SCUM Group
Act now and be the first to receive a $200 gift certificate for switching back to MS from Linux. Microsoft "Because We Can Buy It or Break It"
Ok not to sound mean but aside from niche markets why would someone want to take BeOS serious, and I'm asking this as if I were a CTO'ish person. For one, with all the garbage being funneled into things *Open Source* by companies like SC(um)O and Mickeysoft, the entire *Open* anything is something I would (if I were purhasing) stay away from until the smoke clears.
Now I'm not saying BeOS is garbage in fact I have an older cd lying around somewhere, and it's pretty neat, but why (aside from geekiness) would I want to look to BeOS when there is so much confusion going on as is in the Open Source community for one, secondly it would have to mean I would have to take a backseat and chop up tons of code to get other programs I use frequently -- that are ported to other implementations of *nix (bsd/linux) -- to work on the BeOS machine. Meaning, if I downloaded just about any distro of BSD or Linux, I am almost certain I could get most 3rd party packages/ports to work, in BeOS (and yes I am assuming here) it's more than likely I would either have to wait or redo some code, so its not an option for me since I have no time.
Really I think its nice but nothing more than a hobby, I wish more developers however would come together under one roof and make he all-in-one super-ninja-hop-chop-socky OS without one having to wonder if a) there is support, b) it's cross `distro-able`/`platform-able`, etc.
My rants for the day fire away
that's a myth that it makes you forgetful... hell I've been smoking since.... since .... since....
Not only is he the founder... He's also a client
I heard it was "stop hitting her with the leather retard she's into bdsm she really does like it"
Dear Darl,
Many smarter people than me wasted their time trying to argue with you and all have wasted their breathe. I on the other hand am taking this one step further right now and calling you out for a celebrity source code death match to see who can code hello world faster. You can continue to ignore the SCUM Group all you want but eventually we will catch up with you and give you an atomic wedgie so far up your ass you'll be shitting printf for eons.
Your ramblings are like you claiming that, someone broke into your Calvin Clone boxer shorts and made your penis shrink to the size of your brain and now you have to spoil it for the Open Source community with your constant stream of lawsuits of which, no one but yourself can understand.
As Bush would say, "Your strategery has greatfulnessly misundersestimated the force", that force is Open Source you punk ass media whore. SCUM group acknowledges our acts of moronicy as a ploy to liven up the scenario. You on the other hand, have created with your Jerry Springer'ish mumblings, a laughing stock of those who have worked hard and brought Open Source out of the darkened states where it once rested.
Secondly aside from turning this into a serious rambling of my own, let me just state on behalf of all of SCUM you sir suck and shall be receiving one of 436,539,084,760,223,491,853,214,325,213 subpoenas we are currently autogenerating filled with the same nonsense you create.
Yours efermally, Durl
Durl McLame, CEO SCUMGroup.com
http://www.scumgroup.com
congressionally subpoenad and declassified Iraq documents
shit i need to wake up... thanx and doh! but in essence there still isnt anything more than some rfid bs... And I should have known it was the times because of the ugly ass colors they use
Washington Post has their own agendas politically when it comes to reporting. Sure it's pretty shitty to be monitored, but there is nothing stating that any information used was used for anything other than maybe for the sake of having some card manufacturers new card being tested.
Remember intelligence agencies from all over the place keep tabs on each other via other means (ECHELON, HUMINT, OSINT, IMINT, SIGNIT), so I doubt this was anything to be concerned with. Strictly something `chick' to report on. It's far more easier to set up assets to bang (screw/lay/fsck) one of these guys for info, than it would to keep watch of what they do.
User gets in car to go to summit, user's Eazypass or other form of cardpaymentsys tracks what exits he uses via tolls paid. User stops at gasoline station, credit card is used, card information is transmitted. User talks the beltway, cameras capture this. Get the picture? Everyone else sure did. Again other than this being all the rage (RFID's) I doubt it was something major, but surely someone with agendas sees it to be so. When they can produce something absolute that was used with this information, not just 'oh my look at this an RFID story' than I'll worry.
PS... Proof doesn't mean `hey we're the Foobar Newspaper
This same sentence reminds me oh so much of MS licensing the 'FAT' file system and their whole licensing scheme. As well as SCO suing everyone.
Let's suppose someone decided to turn around and sue you or something for manipulating their product, something small like this... Could cost you a pretty penny in legal fees. Or... say it takes you what a couple hours, couple of dollars to pull this `hack` off... For what in all honesty other than to say `look what I did`. Come one now... Digital cameras are dirt cheap. Not to rag on the `hacker', but let's get real what true purpose does this serve?
I'm not trying to troll around, nor put anyone's `work' down, but I'm trying to think of any value this may have and sadly I see none. Now had he said something really productive like he hacked the camera to make every pic to be Angelina Jolie, or some other sexpot, then I'd work with him...
it was done on purpose jackass to make fun of SCO's CEO or did you miss the mispelled Leter/Letter too?
Now I know it's trollish to root for MS in any case, and I truly don't but think about it... In any other society this wouldn't have happened. Look at what Russia did to their Yukos oil tycoon when he got too big for his own good... Not to say it's a good thing, but how can those in law turn a blind eye to MS' actions... Paying for the FAT system? Shit I thought the cost would have been included on purchase... Thats like buying a car now to have the dealer come back later and say "Oh by the way we will now charge you for using the engine in your car."
And we addressed everything with our Opin Leter to Open Source Criminals
Muttley you snickering floppy eared hound, When courage is needed, you're never around! Those medals you wear on your moth-eaten chest, Should be there for bungling at which you are best!
So, Stop The Pigeon, Stop The Pigeon, Stop The Pigeon, Stop The Pigeon, Stop The Pigeon, Stop The Pigeon, Stop that Pigeon
How?
Nab him! Jab him! Tab him! Grab him!
Stop that pigeon
Now!
You Zilly, stop sneaking it's not worth the chance, For you'll be returned by the seat of your pants! And Klunk, you invent me a thingamybob, That catches that pigeon, or I lose my job!
So, Stop The Pigeon, Stop The Pigeon, Stop The Pigeon, Stop The Pigeon, Stop The Pigeon, Stop The Pigeon
Stop that Pigeon
How?
Nab him! Jab him! Tab him! Grab him!
Stop that pigeon Now!
The mp3
Follow That Feather
Fully aware of the gravity of the situation, Dick Dastardly and his proud men try to eliminate the pigeon with a feather seeking homing missile. the cartoon
Sun Alert ID: 50104
Category: Security
Product: Solaris
BugIDs: 4774256
Avoidance: Workaround
Date Modified: 08-Aug-2003 1. Impact: A local or remote unprivileged user may be able to view root privileged files due to a security vulnerability involving the Solaris kcms_server(1) daemon
Now before you say but thats only viewing files blah blah blah like some troll, ask yourself how easy it would be to leverage this into something more? Wait I know... View unprivileged files? You mean like say... /etc/shadow? No that's thinking too far ahead. No codes available? Sure ...ok there are no codes you are so correct.
More of me being a prick? Why not...
Vulnerable systems:
SunOS 5.3 thru 5.9 (Solaris 2.x, 7, 8, 9) (x86)
By sending a sequence of specially crafted Remote Procedure Call (RPC) requests to the sadmind daemon, an attacker can exploit this vulnerability to gain unauthorized root access to a vulnerable system. The sadmind daemon defaults to weak authentication (AUTH_SYS), making it possible for a remote attacker to send a sequence of specially crafted RPC packets to forge the client identity.
After the identity has been successfully forged, the attacker can invoke a feature within the daemon itself to execute a shell as root or, depending on the forged credential, any other valid user of the system. The daemon will execute the program of the attacker's choice; for example, spawning a reverse-network shell back to the attacker for input/output control. Under certain circumstances, a reverse-network shell could allow for the attacker to bypass firewalls and/or filters .
Analysis:m l
Because the nature of the weakness exists on the application level, successful exploitation does not require the use of machine-specific code, nor does it require any previous knowledge of the target's architecture. Therefore, any local or remote attacker could execute commands as root on a vulnerable system running the sadmind service. By default, sadmind is installed and started at system boot time on most default and fully patched installations of Solaris. While many other vendors rely on SUNRPC related routines from Sun, this design issue is confined to Sun's sadmind authentication implementation in Solaris. The most inherent threat is if this exploit becomes packaged into a cross-platform worm were it to become publicly available. http://www.securiteam.com/unixfocus/5HP0G1PB6K.ht
Sorry I took some time I was too busy being a Redhat GNU nazi...
# uname -a
SunOS kungfunix.net 5.9 Pitbull sun4u sparc SUNW,Sun-Fire-480R
bash-2.05a$ uname -aB UBONIC i386
FreeBSD bubonic.infiltrated.net 4.8-RELEASE-p13 FreeBSD 4.8-RELEASE-p13 #0: Tue Oct 7 01:44:44 EDT 2003 root@fscker.infiltrated.net:/usr/obj/usr/src/sys/
-bash-2.05b$ uname -as ys/DAEMONICALLY alpha
FreeBSD daemonically.perfidious.org 4.9-STABLE FreeBSD 4.9-STABLE #1: Thu Nov 6 01:13:52 EST 2003 sil@daemonically.perfidious.org:/usr/obj/usr/src/
Yea sure... Why not... Sorry but I use WindowsXP (that's right) on my laptop and Sol for my servers, and FreeBSD to fuck around with. This is going to be the last comment I make on this thread, because it literally is boring. And you're right I know nothing of security whatsoever. In fact I don't even know my name there buddy
Boring thread. Just because patches are release doesn't mean everyone is patching. I for one use Sun on sparc boxes but would not use the x86 version. It's a matter of opinion, and choice. If you had the slightest 'clue' you could netcraft my domains to see what I'm using. I've given up the "my penis is bigger than yours", Linux vs. *, or Sun vs. *, or Microsoft is * because it's so tiring. As for Trusted Solaris, I doubt you've ever used it but if you want an account let me know because I have a blade running it. Your post makes me laugh considering again if you had an inkling of an idea, you would've halted a long time ago with your babbling. So I restate... I posted what's known (exploits), this does not include code that never makes it out. Certainly you've heard of private exploits there neo haven't you? Did it ever occur to you some people really don't whore shit out and release codes, or work with vendors instead of mail -s "i 4m j33t" bugtraq@securityfocus.com? Give me a break.
Poor trolls
3 298&cid=1
l _bulletins/sun/suna.51884.txt
Product: Samba 2.2.2 to 2.2.8
Publisher: Sun Microsystems
Operating System: Solaris 9
Platform: SPARC
i386
Impact: Root Compromise
Access Required: Remote
http://www.auscert.org.au/render.html?it=
==========
Sun(sm) Alert Notification
Sun Alert ID: 51884
Synopsis: Security Vulnerability in the Network Services Library, libnsl(3LIB),
Affecting rpcbind(1M)
Category: Security
Product: Solaris
BugIDs: 4767276
Avoidance: Workaround, Patch
State: Resolved
Date Released: 20-Mar-2003, 26-Mar-2003, 28-Apr-2003, 08-May-2003
Date Closed: 08-May-2003
Date Modified: 26-Mar-2003, 28-Apr-2003, 08-May-2003
1. Impact
A local or remote unprivileged user may be able to kill rpcbind(1M) due to a
security vulnerability in the network services library, libnsl(3LIB).
Exploiting this vulnerability may lead to denial of service. Although Sun is
not aware of any other applications or services that may be vulnerable to this
issue, Sun is continuing to investigate and will update this Sun Alert as
needed.
This issue is also described in CERT Vulnerability VU#516825 (see
http://www.kb.cert.org/vuls/id/516825) which is referenced in CERT Advisory
CA-2003-10 (see http://www.cert.org/advisories/CA-2003-10.html).
Thanks to Riley Hassell of eEye Digital Security and Garry Zacheiss of MIT for
reporting this issue.
2. Contributing Factors
This issue can occur in the following releases:
x86 Platform
Solaris 9 without patch 113719-04
http://www.ncl.ac.uk/ucs/security/loca
============
I'l l stop because its obvious who has a clue here
and who doesn't 7 holes now one thread
And what about the remote one I posted below? Is this the invisible one you choose not to see?
Sun(sm) Alert Notification
/etc/cachefstab exists it may contain unusual entries. The usual entries are known cache directories, for example, /cachefs/cache0.
= ====
. Contributing Factors
* Sun Alert ID: 44309
* Synopsis: Buffer Overflow in cachefsd in Solaris
* Category: Security
* Product: Solaris
* BugIDs: 4338920
* Avoidance: Workaround, Patch
* State: Resolved
* Date Released: 30-Apr-2002, 31-May-2002, 02-Apr-2003
* Date Closed: 02-Apr-2003
* Date Modified: 24-May-2002, 31-May-2002, 06-Jan-2003, 02-Apr-2003
1. Impact
Unprivileged local or remote users may be able to gain unauthorized root access due to a buffer overflow in cachefsd.
2. Contributing Factors
This issue can occur in the following releases:
x86 Platform
* Solaris 9 without patch 114009-01
3. Symptoms
Failed attempts to exploit the buffer overflow will leave core files in the / directory from cachefsd. In addition, if the file
http://sunsolve.sun.com/pub-cg i/retrieve.pl?doc=fsalert%2F44309
==============
Sun(sm) Alert Notification
* Sun Alert ID: 55680
* Synopsis: Security Vulnerability in the Solaris Runtime Linker ld.so.1(1)
* Category: Security
* Product: Solaris
* BugIDs: 4872634
* Avoidance: Patch
* State: Resolved
* Date Released: 29-Jul-2003
* Date Closed: 29-Jul-2003
* Date Modified:
1. Impact
An unprivileged local user may be able to gain unauthorized root privileges due to a buffer overflow in the runtime linker ld.so.1(1).
Sun acknowledges with thanks, Jouko Pynnonen (jouko@iki.fi) for bringing this issue to our attention and iDEFENSE Inc. (www.idefense.com) for coordinating the release of this issue.
This issue is described in iDEFENSE Advisory located at: http://www.idefense.com/advisory/07.29.03.txt.
2
This issue can occur in the following releases:
x86 Platform
* Solaris 9 without patch 113986-05
http://sunsolve.sun.com/pub-cgi/retri eve.pl?doc=fsalert%2F55680&zone_32=55680
====== ============
Whats that 5 holes in one posting? Give me a break. And these are the publicly made sec gaps
and does not include code that doesn't get out.
Get a clue before responding with some zealotry.
DOCUMENT ID: 57414= 3593&cid=1
- 069.shtml
= 3487&cid=33
SYNOPSIS: Buffer Overflow Vulnerability in the CDE DtHelp Library May
Allow Unauthorized "root" Access
https://www.auscert.org.au/render.html?it
============
PROBLEM: A vulnerability exists in the newtask(1) command that may lead to unauthorized root access.
PLATFORM: Solaris 9
DAMAGE: If exploited, a local unprivileged user may be able to gain unauthorized root access.
SOLUTION: Apply patch or workaround.
http://www.ciac.org/ciac/bulletins/n
========
Product: GNOME 2.0 XScreensaver
Publisher: Sun Microsystems
Operating System: Solaris
Platform: SPARC x86
Impact: Reduced Security
Access Required: Existing Account
http://www.auscert.org.au/render.html?it
I could go on and give shellcode too but I won't. Know what you're talking about before jumping out there
If you have a few bucks you might want to get an older sparc to try Solaris on. Sol x86 is a security nightmare, and its not the same as using sol under sun's arch. e.g. I run most of my sites on sun boxes, and love it, using x86 sol... Hate it. Definitely not the same if you ask me