Info

Disclosure

Jun 16, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a local attacker reads and writes kernel memory via "SGI_IOPROBE" requests in the "syssgi()" system call. This flaw may allow a local attacker to gain root privileges, resulting in a loss of confidentiality and integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, SGI has released a patch to address this vulnerability.

Products

Silicon Graphics, Inc.

IRIX

6.5.24

References

Secunia Advisory ID: 11872
CVE ID: 2004-0135 (see also: NVD) 2004-0136 (see also: NVD) 2004-0137 (see also: NVD)
Related OSVDB ID: 7123 7124
Other Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20040601-01-P.asc

Credit

Adam Gowdiak -

Direct URL: http://osvdb.org/7122