IRIX NFS Wildcard exportfs Access Check Bypass

2003-10-28T00:00:00
ID OSVDB:2734
Type osvdb
Reporter OSVDB
Modified 2003-10-28T00:00:00

Description

Vulnerability Description

IRIX contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is triggered when the root, rw or access options in /etc/exports contain only wildcards (IP addresses or domain suffixes) and no explicit hostnames or netgroups; in that configuration a malicious user may be able to bypass Network File System (NFS) access checks. This flaw may lead to a loss of integrity.

Solution Description

Upgrade to version 6.5.22 or higher, as it has been reported to fix this vulnerability. In addition, Silicon Graphics, Inc. has released patches for some older versions.

References:

Vendor Specific Solution URL: ftp://patches.sgi.com/support/free/security/patches/
Vendor Specific Advisory URL
Secunia Advisory ID: 10095
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-10/0290.html
ISS X-Force ID: 13544
CVE-2003-0683
CIAC Advisory: o-014
Bugtraq ID: 8921