IRIX cpr Library Load Privilege Escalation

2004-05-26T05:39:45
ID OSVDB:6434
Type osvdb
Reporter Adam Gowdiak()
Modified 2004-05-26T05:39:45

Description

Vulnerability Description

IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when restarting the checkpointed process, a malicious user can force a user provided library to be loaded through the cpr binary. This flaw may lead to a loss of integrity and confidentiality.

Technical Description

It is unknown if versions older than 6.5.20 are vulnerable.

Solution Description

Upgrade to version 6.5.25 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s):

Install vendor patch for the vulnerable version.

Short Description

IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when restarting the checkpointed process, a malicious user can force a user provided library to be loaded through the cpr binary. This flaw may lead to a loss of integrity and confidentiality.

References:

Vendor URL: http://www.sgi.com/ Secunia Advisory ID:11721 Other Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20040507-01-P.asc CVE-2004-0134