(CIAC Issues Bulletin) Re: SGI's IRIX Allows Remote Users to Execute Arbitrary Code on the Server with Root-Level Privileges Using the Embedded Support Partner (ESP) Application (Installed By Default on IRIX Systems)
SecurityTracker Alert ID: 1001536
SecurityTracker URL: http://securitytracker.com/id/1001536
Date: May 15 2001
Execution of arbitrary code via network, Root access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 6.5.5 6.5.8
Internet Security Systems released an advisory for SGI's IRIX Embedded Support Partner application, warning that it contains a buffer overflow that can allow remote users to execute arbitrary code with root-level privileges on the server.
A buffer overflow is reported in the rpc.espd component of the Embedded Support Partner (ESP) subsystem. ESP is apparently installed and enabled by default on all current SGI IRIX installations.
ESP is an application used for managing multiple SGI devices on a network.
A remote user can execute arbitrary code with root-level privileges on the server, thereby gaining root-level access to the server.
SGI recommends immediately disabling rpc.espd to prevent exposure before patches can be applied. SGI has made security patch 4123 available to address this vulnerability. See the Vendor URL for information on the patch.
Vendor URL: www.sgi.com/support/security/
Underlying OS: UNIX (SGI/IRIX)
This archive entry is a follow-up to the message listed below.
Source Message Contents
Subject: CIAC Bulletin L-080: SGI IRIX rpc.espd Buffer Overflow
[For Public Release]
-----BEGIN PGP SIGNED MESSAGE-----
The U.S. Department of Energy
Computer Incident Advisory Center
SGI IRIX rpc.espd Buffer Overflow
[SGI Security Advisory 20010501-01-P]
May 12, 2001 01:00 GMT Number L-080
PROBLEM: An exploitable buffer overflow has been discovered in the
Embedded Support Partner (ESP) daemon rpc.espd.
PLATFORM: IRIX 6.5.5 through IRIX 6.5.8 are vulnerable.
IRIX 6.5.7 and IRIX 6.5.8 systems with patch 4123 are not
IRIX 6.5.9 and above are not vulnerable to this issue.
DAMAGE: root compromise.
SOLUTION: Apply the patches described below.
VULNERABILITY VERY HIGH. This is remotely exploitable, and results in a root
[****** Start SGI Advisory ******]
[****** End SGI Advisory ******]
-----BEGIN PGP SIGNATURE-----
Version: 4.0 Business Edition
-----END PGP SIGNATURE-----
This message was posted through the FIRST mailing list server.