Solaris Runtime Linker – Exploit Detection
July 19, 2005
This is a demonstration of exploit detection using the Solaris implementation of C2 Auditing (BSM) to detect that the system has been compromised. Of course, it helps to be logging locally as well as to a secure central log server or protected media.
This was tested on an unpatched Solaris 10 SPARC system.
References:
http://www.securityfocus.com/bid/14074
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101794-1
Sun Document ID: 101794
C2 (BSM) Detection of Exploit
Start of BSM Trace
Comment: I am an unprivileged user here. Audit userid/groupid is pete:pete.
Effective userid/groupid is pete:pete…..
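The audit ID versus effective ID comparison noted in the comment above can be automated over `praudit` text output. The following Python is an added example, not part of the original post: it assumes the default one-token-per-line `praudit` format, uses constructed sample records, and a hypothetical allowlist (`EXPECTED_SETUID`) of setuid-root programs that unprivileged users are expected to run. It reports successful `execve` records where the audit ID is unprivileged but the effective user ID is root.

```python
EXPECTED_SETUID = {"/usr/bin/su", "/usr/bin/passwd"}  # hypothetical allowlist
# Constructed praudit-style records (one token per line); not taken from the page.
SAMPLE = """\
header,120,2,execve(2),,2005-07-19 10:01:02.000 -04:00
path,/usr/bin/id
subject,pete,pete,pete,pete,pete,2101,2090,0 0 sol10
return,success,0
header,126,2,execve(2),,2005-07-19 10:01:40.000 -04:00
path,/usr/bin/passwd
subject,pete,root,pete,pete,pete,2105,2090,0 0 sol10
return,success,0
header,124,2,execve(2),,2005-07-19 10:02:11.000 -04:00
path,/usr/bin/ksh
subject,pete,root,pete,pete,pete,2107,2090,0 0 sol10
return,success,0
""".splitlines()

def parse_records(lines):
    """Group praudit tokens into one dict per audit record."""
    rec = {"event": "", "paths": []}  # placeholder; tokens before a header are dropped
    for line in lines:
        f = line.strip().split(",")
        if f[0] == "header" and len(f) > 3:
            if rec["event"]:
                yield rec
            rec = {"event": f[3], "paths": []}
        elif f[0] == "path":
            rec["paths"].append(",".join(f[1:]))
        elif f[0] == "subject" and len(f) > 6:  # auid,euid,egid,ruid,rgid,pid,sid,tid
            rec.update(auid=f[1], euid=f[2], pid=f[6])
        elif f[0] == "return" and len(f) > 1:
            rec["status"] = f[1]
    if rec["event"]:
        yield rec

def suspicious(records):
    """Successful execve: unprivileged audit ID, euid root, path not allowlisted."""
    hits = []
    for r in records:
        if (r["event"].startswith("execve") and r.get("status") == "success"
                and r.get("auid", "root") != "root" and r.get("euid") == "root"):
            path = r["paths"][0] if r["paths"] else "?"
            if path not in EXPECTED_SETUID:
                hits.append((r["auid"], r["pid"], path))
    return hits

if __name__ == "__main__":
    print(suspicious(parse_records(SAMPLE)))
```

Because the audit ID is fixed at login and does not follow later changes to the effective ID, each hit still names the original login account (`pete` in the sample).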