Info

Disclosure

Jul 14, 1997

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

IRIX contains a flaw that may allow a malicious attacker to obtain a complete listing of files and directories on vulnerable systems. The issue is triggered when the File Altercation Monitor (fam) daemon is instructed by a program to monitor the root directory. It is possible that the flaw may allow retrieval of all files under the root directory, resulting in a loss of confidentiality.

Classification

Location: Remote / Network Access
Attack Type: Misconfiguration
Impact: Loss of Confidentiality
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: disable the fam service by commenting out the entry for it in /etc/inetd.conf, and rebooting.

Products

Silicon Graphics, Inc.	IRIX	5.3
		6.1
		6.2
		6.3

References

CVE ID: 1999-0059 (see also: NVD)
ISS X-Force ID: 325
Bugtraq ID: 353
Other Advisory URL: http://packetstormsecurity.nl/advisories/nai/SNI-15.FAM.advisory
Vendor URL: http://www.sgi.com

Credit

SecurNET - snisecnet.com - SecurNET

Direct URL: http://osvdb.org/164

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Silicon Graphics, Inc.

IRIX

References

Credit