Announcement: Solaris loadable kernel module backdoor
Subject: Announcement: Solaris loadable kernel module backdoor
From: plasmoid (plasmoid@PIMMEL.COM)
Date: Mon Dec 20 1999 - 16:43:46 CST
I'd like to announce, in addition to the two THC articles covering Linux
and FreeBSD loadable kernel module backdoors, the first public loadable
kernel module backdoor for Solaris.
The module features:
- File hiding
- File content and directory hiding
- Switch to toggle file content and directory hiding
- Process hiding (structured proc)
- Promiscuous flag hiding
- Converting magic uid to root uid
- Execution redirecting
It has been successfully tested on the following operating systems:
Solaris 7 x86 / sparc / ultrasparc
Solaris 2.6 ultrasparc
The module can be directly downloaded from
--- http://www.infowar.co.uk/thc/files/thc/slkm-1.0.tar.gz
Complete documentation of the kernel module's functions can be found in
my article "Attacking Solaris with loadable kernel modules" at
--- http://www.infowar.co.uk/thc
Regards,
Plasmoid / THC
http://www.infowar.co.uk/thc
http://www.pimmel.com
This archive was generated by hypermail 2b27 : Tue Dec 21 1999 - 13:54:29 CST