[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[irix-security] IRIX pmcd Denial of Service vulnerability

To: irix-security@sfu.ca
Subject: [irix-security] IRIX pmcd Denial of Service vulnerability
From: Martin Siegert <siegert@sfu.ca>
Date: Wed, 5 Jun 2002 19:53:21 -0700
User-Agent: Mutt/1.2.5.1i

Topic
=====
pmcd Denial of Service vulnerability

Problem Description
===================
It is possible to feed certain parameters to the /usr/etc/pmcd daemon that
will make it grow in size to the point where a Denial of Service attack can
be created.
This vulnerability may be exploited by a remote user, no local account
is required.

Affected Systems
================
The pmcd daemon is part of SGI's Performance Co-Pilot suite of performance
monitoring tools.  This is an optional product and is not installed by
default, but is supplied with the base OS.

To see if pmcd is installed, execute the following command:

% versions pcp_eoe
I = Installed, R = Removed

   Name                 Date        Description

   I  pcp_eoe              01/22/2002  Performance Co-Pilot Execution Only
                                       Environment, 6.5.15f
   I  pcp_eoe.man          01/22/2002  PCP EOE Documentation, 6.5.15f
   I  pcp_eoe.man.relnotes 01/22/2002  PCP EOE Release Notes, 6.5.15f
   I  pcp_eoe.sw           01/22/2002  PCP EOE Software, 6.5.15f
   I  pcp_eoe.sw.eoe       01/22/2002  PCP EOE, 6.5.15f

If the output looks similar to the above, then Performance Co-Pilot is
installed, and you are vulnerable if the version shown is earlier than
6.5.11.
These issues have been corrected in IRIX 6.5.11 and later versions.

Workaround
==========
If you don't use the Performance Co-Pilot software, it can be uninstalled
using the command:

  # versions remove pcp_eoe

Solution
========
SGI has not provided patches for this vulnerability. Their recommendation is
to upgrade to IRIX 6.5.11 or a later version.


   OS Version     Vulnerable?
   ----------     -----------
   IRIX 6.5          yes
   IRIX 6.5.1        yes
   IRIX 6.5.2        yes
   IRIX 6.5.3        yes
   IRIX 6.5.4        yes
   IRIX 6.5.5        yes
   IRIX 6.5.6        yes
   IRIX 6.5.7        yes
   IRIX 6.5.8        yes
   IRIX 6.5.9        yes
   IRIX 6.5.10       yes
   IRIX 6.5.11       no
   IRIX 6.5.12       no
   IRIX 6.5.13       no
   IRIX 6.5.14       no
   IRIX 6.5.15       no
   IRIX 6.5.16       no

Prev by Date: [irix-security] IRISconsole icadmin password vulnerability
Next by Date: [irix-security] IRIX /dev/ipfilter Denial of Service vulnerability
Prev by thread: [irix-security] IRIX /dev/ipfilter Denial of Service vulnerability
Next by thread: [irix-security] IRISconsole icadmin password vulnerability
Index(es):
- Date
- Thread