IRIX gr_osview -s Parameter Arbitrary File Overwrite

2005-04-07T06:33:26
ID OSVDB:15350
Type osvdb
Reporter iDEFENSE (idlabs-advisories@idefense.com)
Modified 2005-04-07T06:33:26

Description

Vulnerability Description

SGI IRIX contains a flaw that may allow a malicious user to open arbitrary files and overwrite them with system usage data. The issue is triggered when the gr_osview utility is invoked with the '-s' option. The flaw may allow a local user to open arbitrary files and overwrite them with system usage data, resulting in a loss of confidentiality and integrity.

Solution Description

Upgrade to version 6.5.23 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Advisory URL
Security Tracker: 1013662
Secunia Advisory ID: 14875
Related OSVDB ID: 15351
Other Advisory URL: http://www.idefense.com/application/poi/display?id=225&type=vulnerabilities&flashstatus=true
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0102.html
CVE-2005-0465