SGI IRIX page denial of service
| irix-page-dos (16417) |  Medium Risk |
Description:
SGI IRIX is vulnerable to a denial of service attack, caused by a vulnerability when validating pages. A local attacker could use this vulnerability to cause the init process to panic.
Consequences:
Denial of Service
Remedy:
Upgrade to the latest version of IRIX (6.5.25 or later), when available, as listed in SGI Security Advisory 20040601. See References.
— OR—
Apply the appropriate patch for your system, as listed in SGI Security Advisory 20040601. See References.
References:
- CIAC Information Bulletin O-167: SGI - System Call SGI_IOPROBE Vulnerability.
- SGI Security Advisory 20040601: syssgi system call vulnerability and other security fixes.
- BID-10549: SGI IRIX Undisclosed Init Denial Of Service Vulnerability
- CVE-2004-0137: Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows local users to cause a denial of service (system panic) as a result of page invalidation issues.
- OSVDB ID: 7124: IRIX init Page Validation Issue Local DoS
- SA11872: SGI IRIX Privilege Escalation and Denial of Service Vulnerabilities
Platforms Affected:
- SGI IRIX 6.5.20f
- SGI IRIX 6.5.20m
- SGI IRIX 6.5.21f
- SGI IRIX 6.5.21m
- SGI IRIX 6.5.22
- SGI IRIX 6.5.23
- SGI IRIX 6.5.24
Reported:
Jun 14, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net