IRIX disk_bandwidth Relative Pathname Privilege Escalation

1998-07-20T00:00:00
ID OSVDB:936
Type osvdb
Reporter OSVDB
Modified 1998-07-20T00:00:00

Description

Vulnerability Description

IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user tricks the disk_bandwidth program into running a malicious binary or a malicious script, due to its failure to use an absolute path in a system function call. This flaw may lead to a loss of integrity.

Technical Description

This vulnerability is only present on IRIX S2MP for Origin/Onyx2.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround:

/bin/chmod 500 /sbin/disk_bandwidth

Short Description

IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user tricks the disk_bandwidth program into running a malicious binary or a malicious script, due to its failure to use an absolute path in a system function call. This flaw may lead to a loss of integrity.

References:

Vendor URL: http://www.sgi.com Vendor Specific Advisory URL ISS X-Force ID: 1441 CVE-1999-0313 CIAC Advisory: i-076 Bugtraq ID: 214