Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Continuous multi-exploit scanning / Sadmind exploit SANS ISC InfoSec Forums

Continuous multi-exploit scanning / Sadmind exploit
Continuous multi-exploit scanning

We are still receiving reports about a multi-exploit bot or worm scanning various ports: 1025, 135, 139, 2745, 3127, 445, 6129, 80, 8080.
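One way to check perimeter logs for this pattern, as an added example that is not part of the original diary entry: it flags any source address that probes several of the ports listed above. The iptables-style log format, the sample lines, the addresses and the threshold of four distinct ports are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Ports listed in the diary entry above.
WATCHED_PORTS = {1025, 135, 139, 2745, 3127, 445, 6129, 80, 8080}
# Assumption: a source touching at least this many watched ports is flagged.
MIN_DISTINCT_PORTS = 4

# Constructed sample in an iptables-style LOG format (documentation addresses).
SAMPLE_LOG = """\
Apr  5 10:00:01 fw kernel: DROP IN=eth0 SRC=192.0.2.10 DST=198.51.100.5 SPT=4021 DPT=135
Apr  5 10:00:01 fw kernel: DROP IN=eth0 SRC=192.0.2.10 DST=198.51.100.5 SPT=4022 DPT=139
Apr  5 10:00:02 fw kernel: DROP IN=eth0 SRC=192.0.2.10 DST=198.51.100.6 SPT=4023 DPT=445
Apr  5 10:00:02 fw kernel: DROP IN=eth0 SRC=192.0.2.10 DST=198.51.100.6 SPT=4024 DPT=445
Apr  5 10:00:03 fw kernel: DROP IN=eth0 SRC=192.0.2.10 DST=198.51.100.7 SPT=4025 DPT=1025
Apr  5 10:00:03 fw kernel: DROP IN=eth0 SRC=192.0.2.10 DST=198.51.100.7 SPT=4026 DPT=6129
Apr  5 10:00:04 fw kernel: DROP IN=eth0 SRC=192.0.2.10 DST=198.51.100.7 SPT=4027 DPT=22
Apr  5 10:01:10 fw kernel: DROP IN=eth0 SRC=192.0.2.77 DST=198.51.100.5 SPT=5001 DPT=80
Apr  5 10:01:11 fw kernel: DROP IN=eth0 SRC=192.0.2.77 DST=198.51.100.5 SPT=5002 DPT=8080
Apr  5 10:02:00 fw kernel: DROP IN=eth0 SRC=192.0.2.99 DST=198.51.100.5 SPT=6001 DPT=abc
"""

# Pull only the source address and destination port fields out of each line.
FIELD_RE = re.compile(r"\b(SRC|DPT)=(\S+)")


def find_multi_port_scanners(log_text, ports=WATCHED_PORTS,
                             min_ports=MIN_DISTINCT_PORTS):
    """Return {source: sorted watched ports probed} for sources that
    touched at least min_ports distinct watched ports."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        try:
            dport = int(fields["DPT"])
        except (KeyError, ValueError):
            continue  # skip malformed or incomplete lines
        src = fields.get("SRC")
        if src and dport in ports:
            hits[src].add(dport)  # repeated probes of one port count once
    return {src: sorted(p) for src, p in hits.items() if len(p) >= min_ports}


if __name__ == "__main__":
    for src, probed in find_multi_port_scanners(SAMPLE_LOG).items():
        print(f"{src} probed watched ports {probed}")
```

Counting distinct ports per source, rather than raw hits, keeps an ordinary client that only touches 80 and 8080 from being flagged.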

Sadmind exploit

We received a report about a Solaris machine that was compromised through the recent sadmind vulnerability. Sun's advisory about this flaw states that versions 7 and 8 (including the Trusted versions) and version 9 are vulnerable, but that previous versions shipped with sadmind are also vulnerable.

The user had version 2.6 and states that the machine had the latest and greatest security patches from Sun, so he didn't take the mitigation steps from the advisory. Also, Sun apparently only released patches for versions 7, 8 (including Trusted) and 9.
Even if you don't have Solaris version 7, 8 (including Trusted) or 9, you should carefully read the advisory and use the proper workaround suggestion.

Handlers on Duty: Pedro Bueno (

Apr 5th 2004
