[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[irix-security] IRIX nsd vulnerability
- To: irix-security@sfu.ca
- Subject: [irix-security] IRIX nsd vulnerability
- From: Martin Siegert <siegert@sfu.ca>
- Date: Thu, 17 Jan 2002 19:30:49 -0800
- User-Agent: Mutt/1.2.5.1i
Topic
=====
bugs in the name service daemon nsd can be exploited leading to a DoS
Problem Description
===================
A vulnerability related to the way the IRIX unified name service daemon
(nsd) manages its cache files can lead to the cache to grow to eventually
fill the system disk.
The nsd daemon is installed by default on all 6.5.x versions of IRIX, and
this vulnerability exists in all versions of IRIX 6.5.4m/f through
6.5.11m/f. The problem has been fixed in IRIX 6.5.12m/f.
A local user account on the vulnerable system is not required in order to
exploit this vulnerability.
The exploitation of this vulnerability can lead to a full system disk,
effectively resulting in a Denial of Service.
Solution
========
SGI has provided a patch for these vulnerabilities for IRIX 6.5.11.
The problem has been fixed in IRIX 6.5.12. Our recommendation is to
upgrade to IRIX 6.5.12 or later.
OS Version Vulnerable? Patch # Other Actions
---------- ----------- ------- -------------
IRIX 6.5 no
IRIX 6.5.1 no
IRIX 6.5.2 no
IRIX 6.5.3 no
IRIX 6.5.4 yes
IRIX 6.5.5 yes
IRIX 6.5.6 yes
IRIX 6.5.7 yes
IRIX 6.5.8 yes
IRIX 6.5.9 yes
IRIX 6.5.10 yes
IRIX 6.5.11 yes 4236
IRIX 6.5.12 no
IRIX 6.5.13 no
IRIX 6.5.14 no
SGI Security Patches can be found at:
http://www.sgi.com/support/security/ and
ftp://patches.sgi.com/support/free/security/patches/
The actual patch will be a tar file patch4236.tar
Untar that file in an appropriate directory (I am using /usr/local/src/dist),
start swmgr and enter that directory name in the "Available Software" box.