IRIX xfsmd RPC Weak Authentication Privilege Escalation

2002-06-20T00:00:00
ID OSVDB:5315
Type osvdb
Reporter Last Stage of Delirium Research Group(contact@lsd-pl.net)
Modified 2002-06-20T00:00:00

Description

Vulnerability Description

IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious attacker bypasses the AUTH_UNIX authentication scheme used by the xfsmd daemon and issues remote procedure calls that mount, unmount, create, delete or modify xfs file systems. This flaw is leveraged to obtain root privileges, resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: disable the daemon.

killall /usr/etc/xfsmd

vi /etc/inetd.conf

Look for a line in inetd.conf that looks like this:

sgi_xfsmd/1 stream rpc/tcp wait root ?/usr/etc/xfsmd xfsmd

...and comment it out by putting a "#" at the beginning of the line:

sgi_xfsmd/1 stream rpc/tcp wait root ?/usr/etc/xfsmd xfsmd

...or simply remove the line from the file.

killall -HUP inetd

Short Description

IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious attacker bypasses the AUTH_UNIX authentication scheme used by the xfsmd daemon and issues remote procedure calls that mount, unmount, create, delete or modify xfs file systems. This flaw is leveraged to obtain root privileges, resulting in a loss of integrity.

References:

Vendor Specific Solution URL: ftp://patches.sgi.com/support/free/security/advisories/20020606-01-I Vendor Specific Solution URL: ftp://patches.sgi.com/support/free/security/advisories/20020606-02-I Vendor Specific Advisory URL Vendor Specific Advisory URL Other Advisory URL: http://www.securityfocus.com/advisories/4221 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-06/0252.html ISS X-Force ID: 9401 Generic Exploit URL: http://lsd-pl.net/code/IRIX/irx_xfsmd.c CVE-2002-0359 CERT VU: 521147 Bugtraq ID: 5072