[irix-security] IRIX cron daemon vulnerability
- To: irix-security@sfu.ca
- Subject: [irix-security] IRIX cron daemon vulnerability
- From: Martin Siegert <siegert@sfu.ca>
- Date: Wed, 5 Jun 2002 19:24:42 -0700
- User-Agent: Mutt/1.2.5.1i
Topic
=====
Insecure creation of temporary files by the cron daemon can lead to a
root exploit.
Problem Description
===================
IRIX's cron daemon uses predictably named temporary files, and under
certain circumstances this can lead to a root exploit.
These vulnerabilities may not be exploited by a remote user; a local
account is required.
Affected Systems
================
The cron binary is installed by default on IRIX 6.5 systems as part of
eoe.sw.base.
This issue has been corrected in IRIX 6.5.10 and later versions.
Solution
========
SGI has not released any patches to address this problem.
They recommend upgrading to IRIX 6.5.10 or later.
OS Version     Vulnerable?
----------     -----------
IRIX 6.5       yes
IRIX 6.5.1     yes
IRIX 6.5.2     yes
IRIX 6.5.3     yes
IRIX 6.5.4     yes
IRIX 6.5.5     yes
IRIX 6.5.6     yes
IRIX 6.5.7     yes
IRIX 6.5.8     yes
IRIX 6.5.9     yes
IRIX 6.5.10    no
IRIX 6.5.11    no
IRIX 6.5.12    no
IRIX 6.5.13    no
IRIX 6.5.14    no
IRIX 6.5.15    no
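
The advisory gives no detail of how cron handles its files, so the following C program is an added illustration of the general bug class it names (predictably named temporary files), not SGI's code and not part of the original message. It contrasts a fixed-name open with an exclusive create inside a private scratch directory; the names "protected" and "crontmp" are constructed for the demo.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: fixed name, no O_EXCL. open() follows a symlink that
 * already sits at `path` and truncates whatever it points to. */
int open_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Hardened: with O_CREAT|O_EXCL, open() fails with EEXIST if anything
 * exists at `path`, a symlink included; mode 0600 keeps the file private. */
int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Builds a private scratch directory holding a "protected" file and a
 * symlink at the predictable temp name, then tries both open styles.
 * Returns bit 0 set if the weak open truncated the protected file and
 * bit 1 set if the hardened open refused with EEXIST; -1 on setup error. */
int demo(void) {
    char dir[] = "/tmp/tmpdemoXXXXXX", target[64], link[64];
    struct stat st;
    int fd, result = 0;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(target, sizeof target, "%s/protected", dir);
    snprintf(link, sizeof link, "%s/crontmp", dir);  /* constructed name */
    fd = open(target, O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || write(fd, "data", 4) != 4) return -1;
    close(fd);
    if (symlink(target, link) != 0) return -1;

    errno = 0;
    fd = open_exclusive(link);            /* must fail: the name is taken */
    if (fd < 0 && errno == EEXIST) result |= 2; else if (fd >= 0) close(fd);

    fd = open_predictable(link);          /* follows the link, truncates */
    if (fd >= 0) close(fd);
    if (stat(target, &st) == 0 && st.st_size == 0) result |= 1;
    unlink(link); unlink(target); rmdir(dir);
    return result;
}

int main(void) { printf("result=%d\n", demo()); return 0; }
```

A privileged daemon should create its scratch files the way open_exclusive() does, or with mkstemp(), in a directory only it can write to.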