From: plasmoid [plasmoid@PIMMEL.COM]
Sent: Monday, December 20, 1999 5:44 PM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Announcement: Solaris loadable kernel module backdoor

I'd like to announce, in addition to the two THC articles covering Linux and FreeBSD loadable kernel module backdoors, the first public loadable kernel module backdoor for Solaris.

The module features:

- File hiding
- File content and directory hiding
- Switch to toggle file content and directory hiding
- Process hiding (structured proc)
- Promiscuous flag hiding
- Converting magic uid to root uid
- Execution redirecting

It has been successfully tested on the following operating systems:

Solaris 7 x86 / sparc / ultrasparc
Solaris 2.6 ultrasparc

The module can be directly downloaded from

--- http://www.infowar.co.uk/thc/files/thc/slkm-1.0.tar.gz

Complete documentation of the kernel module's functions can be found in my article "Attacking Solaris with loadable kernel modules" at

--- http://www.infowar.co.uk/thc

Regards,

Plasmoid / THC
http://www.infowar.co.uk/thc
http://www.pimmel.com