cron use of predictably named temporary files can lead to remote exploit
17th Apr 2002 [SBWID-5278]
COMMAND

	cron use of predictably named temporary files can lead to remote
	exploit

SYSTEMS AFFECTED

	IRIX 6.5

PROBLEM

	In SGI Security [http://www.sgi.com/support/security/] advisory
	[20020403-01-I]:

	It's been reported that the IRIX cron daemon uses predictably named
	temporary files, and that under certain circumstances this can lead to
	a root exploit.

	The cron binary is installed by default on IRIX 6.5 systems as part of
	eoe.sw.base.

	These vulnerabilities cannot be exploited by a remote user; a local
	account is required.

	This vulnerability can lead to root exploit.
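
	The advisory gives no detail about cron's temporary files, so the following added example (not SGI's code and not taken from the advisory) only illustrates the general class: a guessable temporary-file name opened without exclusivity, beside exclusive creation and mkstemp(). The scratch directory, file names and helper function names are all constructed for the demonstration.

```c
/* Added example, not IRIX cron source; every path and name is constructed. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: guessable name, and open() follows whatever already sits there. */
int open_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}
/* Hardened: refuse if any entry (file or symlink) already exists at the path. */
int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}
/* Preferred: mkstemp() picks an unguessable name and creates it exclusively. */
int open_unpredictable(const char *dir, char *out, size_t len) {
    snprintf(out, len, "%s/job.XXXXXX", dir);
    return mkstemp(out);
}

/* Runs all three in a private scratch directory; 0 = all behaved as described. */
int demo(void) {
    char dir[] = "/tmp/tmpdemo.XXXXXX", other[64], guess[64], safe[64];
    struct stat st; int fd, rc = 0;
    if (!mkdtemp(dir)) return 1;
    snprintf(other, sizeof other, "%s/important", dir);
    snprintf(guess, sizeof guess, "%s/job.1234", dir);  /* constructed pid-style name */
    FILE *f = fopen(other, "w");
    if (!f) return 2;
    fputs("keep me\n", f); fclose(f);
    if (symlink(other, guess) != 0) return 3;  /* the guessable path is already occupied */
    fd = open_exclusive(guess);
    if (fd != -1 || errno != EEXIST) rc = 4;   /* hardened open must refuse with EEXIST */
    if (fd != -1) close(fd);
    fd = open_unpredictable(dir, safe, sizeof safe);
    if (fd == -1 || fstat(fd, &st) != 0 || (st.st_mode & 077) != 0) rc = rc ? rc : 5;
    if (fd != -1) close(fd);                   /* mkstemp file: no group/other access */
    fd = open_predictable(guess);              /* weak open follows the link */
    if (fd != -1) close(fd);
    if (stat(other, &st) != 0 || st.st_size != 0) rc = rc ? rc : 6;  /* other file got truncated */
    unlink(guess); unlink(other); unlink(safe); rmdir(dir);
    return rc;
}

int main(void) { return demo(); }
```

	When the process doing the weak open runs as root, as a cron daemon does, the file that ends up truncated or written can be any file on the system, which is why this bug class is rated as a path to root.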

SOLUTION

	SGI has not released any patches to address this problem. Our
	recommendation is to upgrade to IRIX 6.5.10 or later.
	

	   OS Version     Vulnerable?     Patch #      Other Actions
	   ----------     -----------     -------      -------------
	   IRIX 3.x        unknown                     Note 1
	   IRIX 4.x        unknown                     Note 1
	   IRIX 5.x        unknown                     Note 1
	   IRIX 6.0.x      unknown                     Note 1
	   IRIX 6.1        unknown                     Note 1
	   IRIX 6.2        unknown                     Note 1
	   IRIX 6.3        unknown                     Note 1
	   IRIX 6.4        unknown                     Note 1
	   IRIX 6.5          yes                       Notes 2 & 3
	   IRIX 6.5.1        yes                       Notes 2 & 3
	   IRIX 6.5.2        yes                       Notes 2 & 3
	   IRIX 6.5.3        yes                       Notes 2 & 3
	   IRIX 6.5.4        yes                       Notes 2 & 3
	   IRIX 6.5.5        yes                       Notes 2 & 3
	   IRIX 6.5.6        yes                       Notes 2 & 3
	   IRIX 6.5.7        yes                       Notes 2 & 3
	   IRIX 6.5.8        yes                       Notes 2 & 3
	   IRIX 6.5.9        yes                       Notes 2 & 3
	   IRIX 6.5.10       no
	   IRIX 6.5.11       no
	   IRIX 6.5.12       no
	   IRIX 6.5.13       no
	   IRIX 6.5.14       no
	   IRIX 6.5.15       no

	

	   NOTES

	     1) This version of the IRIX operating system has been retired.
	        Upgrade to an actively supported IRIX operating system. See
	        http://support.sgi.com/irix/news/index.html#policy for more
	        information.

	     2) If you have not received an IRIX 6.5.X CD for IRIX 6.5, contact your
	        SGI Support Provider or URL: http://support.sgi.com/irix/swupdates/

	     3) Upgrade to IRIX 6.5.10m or 6.5.10f.

	

	
