Info

Disclosure

Jul 16, 2003

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

IRIX contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious attacker causes the Name Service Daemon (nsd) to consume all system memory via dynamic maps, and will result in loss of availability for the platform.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Disclosure: OSVDB Verified

Solution

Upgrade to version 6.5.21 or higher, as it has been reported to fix this vulnerability. In addition, Silicon Graphics, Inc. has released patches for some older versions.

Products

Silicon Graphics, Inc.	IRIX	6.5
		6.5.1
		6.5.2
		6.5.3
		6.5.4
		6.5.5
		6.5.6
		6.5.7
		6.5.8
		6.5.9
		6.5.10
		6.5.11
		6.5.12
		6.5.13
		6.5.14
		6.5.15m
		6.5.15f
		6.5.16m
		6.5.16f
		6.5.17m
		6.5.17f
		6.5.18m
		6.5.18f
		6.5.19m
		6.5.19f
		6.5.20m
		6.5.20f

References

ISS X-Force ID: 12635
CVE ID: 2003-0572 (see also: NVD)
Vendor Specific Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20030701-01-P
Vendor Specific Solution URL: ftp://patches.sgi.com/support/free/security/patches/
Vendor URL: http://www.sgi.com

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/8587