SGI fam vulnerability
CVE-1999-0059
Impact
A vulnerability in the SGI fam service could allow a remote
attacker to obtain a complete listing of files and directories on
IRIX systems.
Background
IRIX systems run a service called the file alteration monitor (fam).
It is used by other programs to keep track of file modifications.
The Problem
When a client connects to the fam service, it specifies the name of a
file or directory to watch for modifications. If the name of a directory
is specified, the server returns a listing of that directory. An attacker
could obtain a complete list of files on the system by requesting a
listing of the root directory and recursively following the
subdirectories. All IRIX systems prior to IRIX 6.5.8 running the fam
service are vulnerable.
Resolution
Disable the fam service. To do so, find the line in /etc/inetd.conf
starting with sgi_fam and put a comment sign (#) at the beginning of the
line. Then, at the command prompt, type "/etc/killall -HUP inetd" and
"/etc/killall fam".

Note that disabling fam may disrupt other services which depend upon it,
such as fm, mailbox, mediad, scanners, sysmon, fxbuilder, and IRIS
annotator, if they are running.

If the fam service cannot be disabled, install the open-source version,
which contains a fix for the vulnerability.
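As an added example (not part of the advisory), the following POSIX shell script carries out the first step of the resolution above: it checks an inetd.conf-style file for an active sgi_fam entry and comments it out, keeping a backup. The file path, the function names and the constructed sample configuration (including the format of its sgi_fam line) are assumptions; the killall reload step is included as a function but is only meaningful when run as root on an IRIX system.

```shell
#!/bin/sh
# Added example, not from the advisory: disable an active sgi_fam entry in
# an inetd.conf-style file, as the Resolution section describes.
# The file path is a parameter; the sample file below is constructed.

# fam_enabled FILE: succeed (exit 0) if FILE has an uncommented line
# that starts with sgi_fam, i.e. the service is still enabled
fam_enabled() {
    grep -q '^[[:space:]]*sgi_fam' "$1"
}

# disable_fam FILE: keep FILE.bak, then put '#' in front of every active
# sgi_fam line so inetd no longer starts the service
disable_fam() {
    cp "$1" "$1.bak" || return 1
    sed 's/^\([[:space:]]*\)\(sgi_fam\)/\1#\2/' "$1.bak" > "$1"
}

# reload_inetd: the advisory's second step (root on IRIX only), so it is
# defined here but deliberately not called in the demo
reload_inetd() {
    /etc/killall -HUP inetd && /etc/killall fam
}

# --- demo on a constructed inetd.conf (line format assumed) ---
demo_file="${TMPDIR:-/tmp}/inetd.conf.demo.$$"
cat > "$demo_file" <<'EOF'
# constructed sample; not a real IRIX configuration
ftp     stream  tcp     nowait  root    /usr/etc/ftpd   ftpd -l
sgi_fam/1-2 stream rpc/tcp wait root ?/usr/etc/fam fam
telnet  stream  tcp     nowait  root    /usr/etc/telnetd telnetd
EOF

if fam_enabled "$demo_file"; then
    echo "sgi_fam is enabled in $demo_file; commenting it out"
    disable_fam "$demo_file"
fi
fam_enabled "$demo_file" && echo "sgi_fam still enabled" || echo "sgi_fam disabled"
```

After the edit, only the sgi_fam line is changed; the backup copy keeps the original entry for rollback.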
Where can I read more about this?
This vulnerability was first reported in NAI Security Bulletin 16 and
was updated in an SGI Security Advisory.