|
|
Info |
Last Modified |
| about 1 year ago |
|
|
|
|
|
Description |
IRIX contains a flaw that may allow a malicious attacker to create or corrupt files on the system. The issue is due to the login program creating files when the lockout feature is enabled. It is possible for a malicious attacker to manipulate files, resulting in a loss of integrity.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Integrity
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
|
|
Technical |
This vulnerability is only present when LOCKOUT is set to a number greater than 0 in the /etc/default/login file, which is the number of failed attempts allowable before a user account becomes locked and unusable.
|
|
Solution |
Upgrade to version 6.5 or higher, as it has been reported to fix this vulnerability. Silicon Graphics, Inc. has also released patches to address this vulnerability. It is also possible to correct the flaw by implementing the following workaround: edit the file /etc/default/login and place a "#" as the first character of the LOCKOUT line to comment out and deactivate the service.
|
|
Products |
|
IRIX
 |
6.2 |
6.3 |
6.4 |
5.0.x |
5.1.x |
5.2 |
5.3 |
6.0.x |
6.1 |
|
|
|
|
Credit |
- David Hedley - hedley
 cs.bris.ac.uk -
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
