Check or Attack Name: admind

Admind or sadmind was detected on the machine. By default, admind runs in an insecure SYS mode. If admind is insecure, an attacker can obtain access to it and change the password file.

If this vulnerability was flagged and admind or sadmind are not running, then you will need to run rpcinfo on the vulnerable system. According to RFC 1700, the correct RPC numbers for admind and sadmind are:

• admind = 100087
• sadmind = 100232

Solaris is the only Unix platform that uses admind or sadmind. Another OS could show up vulnerable if the above RPC numbers are being used by another service. If this is the case, you will need to change the RPC numbers to reflect the standards as defined in RFC 1700.

Fortify the security level for admind and upgrade to Solaris 2.3 or later. If you cannot upgrade and want to use the patch instead, contact your Sun support representative.

To increase security, follow these steps:

1. Edit the /etc/inetd.conf file.
2. Locate the line that controls admind.
3. Append -S 2 switch to the admind line. This switch instructs the admind server to require stronger DES authentication.
4. Restart inetd.

—AND—

Solaris Patch ID 101384 addresses this vulnerability, but is no longer publicly available from SunSolve. The patch has been incorporated in Solaris 2.3. Inclusion of this patch is documented in "SunSolve Online Public Patch Access" at ftp://sunsolve1.sun.com/pub/patches/Solaris2.3.PatchReport.

Sun Microsystems SunSolve FTP Site, Solaris 2.3 Patch Report Update as of 01 Dec 98, ftp://sunsolve1.sun.com/pub/patches/Solaris2.3.PatchReport