Topic
=====
A buffer overflow in /usr/sbin/cpr can lead to a root exploit
Problem Description
====================
There is a potential buffer overflow vulnerability in the /usr/sbin/cpr
program. If successfully exploited, this can lead to a root compromise.
This vulnerability cannot be exploited by a remote user; a local account
is required.
Affected Systems
================
The cpr binary is installed by default on IRIX 6.5 systems as part of
eoe.sw.cpr (the SGI Checkpoint-Restart Software).
To see if cpr is installed, execute the following command:

  $ versions eoe.sw.cpr
  I = Installed, R = Removed
     Name         Date        Description
  I  eoe          09/19/2000  IRIX Execution Environment, 6.5.10f
  I  eoe.sw       09/19/2000  IRIX Execution Environment Software
  I  eoe.sw.cpr   09/19/2000  SGI Checkpoint-Restart Software

If the command returns output similar to the above, then cpr is installed.
These issues have been corrected in IRIX 6.5.11 and later versions.
Workaround
==========
If you don't use the Checkpoint Restart software, it can be uninstalled
using the command:

  # versions remove eoe.sw.cpr

Solution
========
SGI has not provided patches for this vulnerability. Their recommendation is
to upgrade to IRIX 6.5.11 or later.

  OS Version     Vulnerable?
  ----------     -----------
  IRIX 6.5       yes
  IRIX 6.5.1     yes
  IRIX 6.5.2     yes
  IRIX 6.5.3     yes
  IRIX 6.5.4     yes
  IRIX 6.5.5     yes
  IRIX 6.5.6     yes
  IRIX 6.5.7     yes
  IRIX 6.5.8     yes
  IRIX 6.5.9     yes
  IRIX 6.5.10    yes
  IRIX 6.5.11    no
  IRIX 6.5.12    no
  IRIX 6.5.13    no
  IRIX 6.5.14    no
  IRIX 6.5.15    no
  IRIX 6.5.16    no
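
As an added example (not part of the original advisory or any SGI tooling), the shell functions below combine the installation check and the version table above into a single triage result. The function names are hypothetical, and the script assumes the release token at the end of the installed eoe row reflects the host's IRIX maintenance level.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a host from the text that
# `versions eoe.sw.cpr` prints. Assumption: the release token at the end of
# the "eoe" row (e.g. 6.5.10f) is the installed IRIX maintenance level.

# Sample input: the output shown in the advisory, embedded to run offline.
SAMPLE='I = Installed, R = Removed
Name Date Description
I eoe 09/19/2000 IRIX Execution Environment, 6.5.10f
I eoe.sw 09/19/2000 IRIX Execution Environment Software
I eoe.sw.cpr 09/19/2000 SGI Checkpoint-Restart Software'

# Succeeds only if the eoe.sw.cpr subsystem itself has an "I" row; the
# parent rows eoe and eoe.sw being installed is not enough.
cpr_installed() {
    printf '%s\n' "$1" |
        awk '$1 == "I" && $2 == "eoe.sw.cpr" { f = 1 } END { exit !f }'
}

# Prints the last field of the installed "eoe" row, e.g. 6.5.10f.
eoe_release() {
    printf '%s\n' "$1" | awk '$1 == "I" && $2 == "eoe" { print $NF; exit }'
}

# Maps a release token to its maintenance number: 6.5 -> 0, 6.5.10f -> 10.
maint_level() {
    case "$1" in
        6.5)   echo 0 ;;
        6.5.*) n=${1#6.5.}; n=${n%%[!0-9]*}
               [ -n "$n" ] && echo "$n" || return 1 ;;
        *)     return 1 ;;
    esac
}

# Prints not-installed, vulnerable (6.5 through 6.5.10), fixed (6.5.11 and
# later), or unknown when no 6.5.x release token can be read.
cpr_triage() {
    cpr_installed "$1" || { echo not-installed; return 0; }
    n=$(maint_level "$(eoe_release "$1")") || { echo unknown; return 0; }
    if [ "$n" -lt 11 ]; then echo vulnerable; else echo fixed; fi
}

cpr_triage "$SAMPLE"   # on a live host: cpr_triage "$(versions eoe.sw.cpr)"
```

A host reported as not-installed needs no further action for this advisory; one reported as unknown should be checked by hand against the table.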