IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious attacker bypasses the AUTH_UNIX authentication scheme used by the xfsmd daemon and issues remote procedure calls that mount, unmount, create, delete or modify xfs file systems. This flaw is leveraged to obtain root privileges, resulting in a loss of integrity.

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: disable the daemon.

# killall /usr/etc/xfsmd

# vi /etc/inetd.conf

Look for a line in inetd.conf that looks like this:

sgi_xfsmd/1 stream rpc/tcp wait root ?/usr/etc/xfsmd xfsmd

...and comment it out by putting a "#" at the beginning of the line:

#sgi_xfsmd/1 stream rpc/tcp wait root ?/usr/etc/xfsmd xfsmd

...or simply remove the line from the file.

# killall -HUP inetd

• CVE ID: 2002-0359 (see also: NVD)
• Bugtraq ID: 5072
• CERT VU: 521147
• ISS X-Force ID: 9401
• Vendor Specific Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20020606-01-I ftp://patches.sgi.com/support/free/security/advisories/20020606-02-I
• Vendor Specific Solution URL: ftp://patches.sgi.com/support/free/security/advisories/20020606-01-I ftp://patches.sgi.com/support/free/security/advisories/20020606-02-I
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-06/0252.html
• Generic Exploit URL: http://lsd-pl.net/code/IRIX/irx_xfsmd.c
• Other Advisory URL: http://www.securityfocus.com/advisories/4221

• Last Stage of Delirium Research Group - contactlsd-pl.net - Last Stage of Delirium Research Group