
[irix-security] IRIX syslogd vulnerability



Topic
=====
A buffer overflow in syslogd can lead to a DoS attack.

Problem Description
===================
Under certain conditions involving a buffer overrun, the IRIX syslogd can
be made to crash.  This can result in a potential denial of service.
This vulnerability may be exploited remotely; no local account is required.

Affected Systems
================
The syslogd binary is installed by default on IRIX 6.5 systems as part of
eoe.sw.base and is activated by default.
These issues have been corrected in IRIX 6.5.10 and later releases.

Solution
========
SGI has not provided patches for this vulnerability. Their recommendation is
to upgrade to IRIX 6.5.10 or later.

   OS Version     Vulnerable?
   ----------     -----------
   IRIX 6.5          yes
   IRIX 6.5.1        yes
   IRIX 6.5.2        yes
   IRIX 6.5.3        yes
   IRIX 6.5.4        yes
   IRIX 6.5.5        yes
   IRIX 6.5.6        yes
   IRIX 6.5.7        yes
   IRIX 6.5.8        yes
   IRIX 6.5.9        yes
   IRIX 6.5.10       no
   IRIX 6.5.11       no
   IRIX 6.5.12       no
   IRIX 6.5.13       no
   IRIX 6.5.14       no
   IRIX 6.5.15       no