IRIX fsdump can create arbitrary zero-length root owned files
| sgi-fsdump (2106) |  High Risk |
Description:
The IRIX fsdump command is installed with the (optional) rfind Server Utilities packages. A vulnerability in this program could allow local users to create arbitrary, zero-length, root-owned files on the system. This vulnerability can be exploited to gain unauthorized root privileges.
Consequences:
File Manipulation
Remedy:
Patches for this vulnerability will not be released by SGI. As a workaround, strip the fsdump command of its suid bit or completely remove the rfindd package(s), as listed in Silicon Graphics Inc. Security Advisory 19970301-01-P. See References.
References:
- BugTraq Mailing List, Thu, 28 Nov 1996 05:55:38 -0600: Irix: more suid fun/exploits.
- SGI Security Advisory 19970301-01-P: IRIX 5.x and 6.x fsdump Security.
- BID-355: IRIX fsdump Vulnerability
- CVE-1999-0044: fsdump command in IRIX allows local users to obtain root access by modifying sensitive files.
Platforms Affected:
- SGI IRIX 5.0
- SGI IRIX 5.0.1
- SGI IRIX 5.1
- SGI IRIX 5.1.1
- SGI IRIX 5.2
- SGI IRIX 5.3 XFS
- SGI IRIX 5.3
- SGI IRIX 6.0
- SGI IRIX 6.0.1
- SGI IRIX 6.1
- SGI IRIX 6.2
Reported:
Nov 28, 1996
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net