xfsmd vulnerability
Created 6/28/02
CVE 2002-0359
CAN 2002-0652
Impact
A vulnerability in SGI's xfsmd could allow a remote
attacker to execute arbitrary commands with root privileges.
Background
xfsmd is part of the optional
xfsmserv package for the SGI IRIX operating
system. It is used by the graphical user interface for
making xfs file systems.
The Problem
CVE 2002-0359
CAN 2002-0652
Because xfsmd performs only weak RPC authentication, a remote
attacker could call any of several potentially dangerous RPC
functions it offers. xfsmd also contains a vulnerability in its
use of the popen() library function call. Either of these
vulnerabilities could allow a remote attacker to execute
arbitrary commands with root privileges.
Resolution
Since the xfsmserv package is no longer
supported, there are no vendor patches available for this
vulnerability. The xfsmd service should
be disabled. This is done as follows:
- In /etc/inetd.conf, find the line which
begins with sgi_xfsmd.
- Place a comment sign (#) at the beginning
of the line, so that inetd no longer starts the service.
- killall -HUP inetd (makes inetd reread its configuration)
- killall /usr/etc/xfsmd (terminates any xfsmd process that is
already running)
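The steps above can be scripted so that the inetd.conf edit is checked
before and after it is made. The following is an added example, not
part of the advisory or of SGI's software: the function names, the
backup file name and the sample inetd.conf lines are assumptions;
only the sgi_xfsmd service name, the /etc/inetd.conf path and the two
killall commands come from the advisory. It uses a temporary file
rather than GNU "sed -i" so it runs under the POSIX sed found on older
systems.

```shell
#!/bin/sh
# Added example (not from the advisory): disable the sgi_xfsmd entry in an
# inetd.conf-style file and verify the change. Function names and the
# ".bak" backup convention are assumptions.

# Return 0 if FILE still has an active (uncommented) sgi_xfsmd entry.
xfsmd_enabled() {
    grep -q '^sgi_xfsmd' "$1"
}

# Print how many active sgi_xfsmd entries FILE has (0 if none).
xfsmd_active_count() {
    grep -c '^sgi_xfsmd' "$1" || true
}

# Prefix every line beginning with sgi_xfsmd with '#'. Writes to a
# temporary file and moves it into place; a copy of the original is left
# at FILE.bak so the change can be reverted.
disable_xfsmd() {
    f="$1"
    tmp="$f.tmp.$$"
    sed 's/^sgi_xfsmd/#&/' "$f" > "$tmp" || return 1
    cp "$f" "$f.bak" && mv "$tmp" "$f"
}

# Top-level usage (as root on the affected system):  sh this_script.sh --apply
# Guarded so that sourcing the file for tests never touches /etc/inetd.conf.
if [ "${1:-}" = "--apply" ]; then
    conf=/etc/inetd.conf
    if xfsmd_enabled "$conf"; then
        disable_xfsmd "$conf" || exit 1
        killall -HUP inetd          # inetd rereads /etc/inetd.conf
        killall /usr/etc/xfsmd      # stop any xfsmd already running
        echo "sgi_xfsmd disabled; backup at $conf.bak"
    else
        echo "no active sgi_xfsmd entry in $conf"
    fi
fi
```

After running it, xfsmd_enabled /etc/inetd.conf returns non-zero and
the commented line remains in the file for reference.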
Where can I read more about this?
This vulnerability was reported in
SGI Security Advisory 20020606-02-I.