COMMAND

    kernel

SYSTEMS AFFECTED

    FreeBSD & Solaris

PROBLEM

    In addition to the two THC articles covering Linux and FreeBSD
    loadable kernel module backdoors, 'plasmoid' announced the first
    public loadable kernel module backdoor for Solaris.  The module
    features:

        - File hiding
        - File content and directory hiding
        - Switch to toggle file content and directory hiding
        - Process hiding (structured proc)
        - Promiscuous flag hiding
        - Converting magic uid to root uid
        - Execution redirecting

    It has been successfully tested on the following operating
    systems:

        - Solaris 7 x86 / sparc / ultrasparc
        - Solaris 2.6 ultrasparc

    The module can be directly downloaded from

        http://www.infowar.co.uk/thc/files/thc/slkm-1.0.tar.gz

    Complete documentation of the kernel module's functions can be
    found in my article "Attacking Solaris with loadable kernel
    modules" at

        http://www.infowar.co.uk/thc

SOLUTION

    Experience.