[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[irix-security] IRIX /dev/ipfilter Denial of Service vulnerability

To: irix-security@sfu.ca
Subject: [irix-security] IRIX /dev/ipfilter Denial of Service vulnerability
From: Martin Siegert <siegert@sfu.ca>
Date: Wed, 5 Jun 2002 19:57:42 -0700
User-Agent: Mutt/1.2.5.1i

Topic
=====
/dev/ipfilter Denial of Service vulnerability

Problem Description
===================
The default permissions on /dev/ipfilter as created
by /dev/MAKEDEV could lead to a Denial of Service attack.  The default
permissions were 644, and while the permissions are set to that value it is
possible for a non-root user to disrupt network traffic.
These vulnerabilities may not be exploited by a remote user, a local account
is required.

Affected Systems
================
The /dev/ipfilter device is created by default on IRIX 6.5 systems during
installation.  The ipfilterd software that is intended to use this device is
not installed by default, it is part of the eoe.sw.ipgate package.

To determine if you are vulnerable, execute the following command:

   $ ls -l /dev/ipfilter
   crw-r--r--    1 root     sys        59,  0 Apr 12 08:33 /dev/ipfilter

If your /dev/ipfilter shows the permissions and ownership of 644 as in the
example above, then you are vulnerable.

This issue has been corrected in IRIX 6.5.11 and later versions.

Workaround
==========
You can fix the permissions of /dev/ipfilter with the following command:

   # chmod 600 /dev/ipfilter

After running that command, it should look like this:

   # ls -l /dev/ipfilter
   crw-------    1 root     sys        59,  0 Apr 12 08:33 /dev/ipfilter

However, SGI recommends upgrading to IRIX 6.5.11 or later because if the
/dev/MAKEDEV script is run it will reset the permissions to 644.  The
/dev/MAKEDEV script has been changed in IRIX 6.5.11 to create the device
with 600 permissions.

Solution
========
SGI has not provided patches for this vulnerability. Their recommendation is
to upgrade to IRIX 6.5.11 or later.


   OS Version     Vulnerable?
   ----------     -----------
   IRIX 6.5          yes
   IRIX 6.5.1        yes
   IRIX 6.5.2        yes
   IRIX 6.5.3        yes
   IRIX 6.5.4        yes
   IRIX 6.5.5        yes
   IRIX 6.5.6        yes
   IRIX 6.5.7        yes
   IRIX 6.5.8        yes
   IRIX 6.5.9        yes
   IRIX 6.5.10       yes
   IRIX 6.5.11       no
   IRIX 6.5.12       no
   IRIX 6.5.13       no
   IRIX 6.5.14       no
   IRIX 6.5.15       no
   IRIX 6.5.16       no

Prev by Date: [irix-security] IRIX pmcd Denial of Service vulnerability
Next by Date: [irix-security] IRIX cpr vulnerability
Prev by thread: [irix-security] IRIX cpr vulnerability
Next by thread: [irix-security] IRIX pmcd Denial of Service vulnerability
Index(es):
- Date
- Thread