SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   arrayd Vendors:   SGI (Silicon Graphics)
SGI IRIX arrayd Authentication Flaw May Grant Remote Users Root Access
SecurityTracker Alert ID:  1014278
SecurityTracker URL:  http://securitytracker.com/id/1014278
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Jul 12 2005
Original Entry Date:  Jun 23 2005
Impact:   Root access via network, User access via network
Vendor Confirmed:  Yes  Exploit Included:  Yes  

Description:   A vulnerability was reported in arrayd on SGI's IRIX operating system. A remote user may be able to gain root access on the target system.

A remote user can conduct a spoofing attack to potentially gain access to the target system. Systems using the 'NONE' or 'SIMPLE' authentication settings are vulnerable. Systems using the 'NOREMOTE' authentication setting (the default setting in IRIX 6.5.5 and later versions) are not vulnerable.

Some demonstration exploit code is available at:

http://lsd-pl.net/code/IRIX/irx_arrayd.c

Impact:   A remote user can gain user-level or root-level access to the target system via arrayd.
Solution:   No solution was available at the time of this entry.

The vendor recommends using the 'NOREMOTE' authentication configuration until a solution becomes available.

The vendor's advisory is available at:

ftp://patches.sgi.com/support/free/security/advisories/20050604-01-A.asc

Vendor URL:  www.sgi.com/support/security/ (Links to External Site)
Cause:   Authentication error
Underlying OS:  UNIX (SGI/IRIX)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC