Info

Disclosure

Jun 01, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

IRIX rpc.mountd contains a flaw that may allow a denial of service. The issue is triggered when rpc.mountd incorrectly denies access to anonymous clients whose hostname is not listed in DNS, NIS or /etc/hosts. If an attacker were able to manipulate one of these naming services it could result in loss of availability to the service for some users.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, SGI has released a patch to address this vulnerability.

Products

SGI	IRIX	6.5.25
		6.5.26
		6.5.27

References

Secunia Advisory ID: 15619
Related OSVDB ID: 17205
CVE ID: 2005-0138 (see also: NVD)
ISS X-Force ID: 20911
Other Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20050601-01-P.asc
Vendor Specific Solution URL: ftp://patches.sgi.com/support/free/security/patches/6.5.25/patch5898.tar ftp://patches.sgi.com/support/free/security/patches/6.5.26/patch5899.tar ftp://patches.sgi.com/support/free/security/patches/6.5.27/patch5899.tar

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218