OSVDB ID: 990

Title: IRIX login Non-zero LOCKOUT Arbitrary File Modification

Dates

Disclosure: Sep 01, 1997
Discovery: Unknown
Exploit: May 24, 1997
Solution: Unknown

Description

IRIX contains a flaw that may allow a malicious attacker to create or corrupt files on the system. The issue is due to the login program creating files when the lockout feature is enabled. It is possible for a malicious attacker to manipulate files, resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Upgrade to version 6.5 or higher, as it has been reported to fix this vulnerability. Silicon Graphics, Inc. has also released patches to address this vulnerability. It is also possible to correct the flaw with the following workaround: edit the file /etc/default/login and place a "#" as the first character of the LOCKOUT line to comment it out and deactivate the lockout feature.
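The workaround above as a repeatable check, added here as an example and not part of the OSVDB entry or any SGI tooling: it reports whether a login defaults file has an active non-zero LOCKOUT and comments the line out, keeping a backup. It assumes the setting is written as `LOCKOUT=<n>` on its own line; the function names and the sample file are hypothetical.

```shell
#!/bin/sh
# Added example: audit and apply the LOCKOUT workaround on a login defaults file.
# Assumption: the setting appears as "LOCKOUT=<n>" on a line of its own.

# Print the active (uncommented) LOCKOUT value, or nothing if none is set.
lockout_value() {
    sed -n 's/^[[:space:]]*LOCKOUT[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" |
        tail -n 1
}

# Succeed only when the file has an active LOCKOUT line with a non-zero value.
lockout_enabled() {
    v=$(lockout_value "$1")
    [ -n "$v" ] && [ "$v" -ne 0 ]
}

# Put "#" as the first character of every active LOCKOUT line.
# Keeps the original as <file>.bak and does nothing if already disabled.
disable_lockout() {
    f=$1
    lockout_enabled "$f" || return 0
    cp -p "$f" "$f.bak" || return 1
    # Write back into the existing file so its owner and mode are kept.
    sed 's/^\([[:space:]]*LOCKOUT[[:space:]]*=\)/#\1/' "$f.bak" > "$f"
}

# Demo on a constructed sample (not a real IRIX file).
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'OTHER_SETTING=1' 'LOCKOUT=3' > "$sample"
lockout_enabled "$sample" && echo "LOCKOUT active: $(lockout_value "$sample")"
disable_lockout "$sample"
lockout_enabled "$sample" || echo "LOCKOUT disabled"
rm -f "$sample" "$sample.bak"
```

On a real host the argument would be /etc/default/login, run as root.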

Products

Silicon Graphics, Inc.

IRIX

5.0.x
5.1.x
5.2
5.3
6.0.x
6.1
6.2
6.3
6.4

References

Credit

  • David Hedley - hedleycs.bris.ac.uk -


Direct URL: http://osvdb.org/36218