IRIX syssgi Privilege Escalation

2004-06-16T05:54:28
ID OSVDB:7122
Type osvdb
Reporter Adam Gowdiak()
Modified 2004-06-16T05:54:28

Description

Vulnerability Description

IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a local attacker reads and writes kernel memory via "SGI_IOPROBE" requests in the "syssgi()" system call. This flaw may allow a local attacker to gain root privileges, resulting in a loss of confidentiality and integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, SGI has released a patch to address this vulnerability.

Short Description

IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a local attacker reads and writes kernel memory via "SGI_IOPROBE" requests in the "syssgi()" system call. This flaw may allow a local attacker to gain root privileges, resulting in a loss of confidentiality and integrity.

References:

Secunia Advisory ID:11872 Related OSVDB ID: 7123 Related OSVDB ID: 7124 Other Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20040601-01-P.asc CVE-2004-0135 CVE-2004-0136 CVE-2004-0137