Vulnerability Note VU#142228

SGI IRIX vulnerable to DoS when user space program calls the PIOCSWATCH ioctl() function

Overview

A vulnerability in the SGI IRIX PIOCSWATCH ioctl() function may allow local attackers to crash the operating system.

I. Description

SGI states that PIOCSWATCH ioctl "establishes or clears a set of watched areas in the traced process." According to SGI Security Advisory 20030603-01-P, a local attacker could crash the operating system by exploiting this vulnerability:

It's been reported that non-root users can call the PIOCSWATCH ioctl() in its various invocations via a user space program and crash IRIX with a kernel panic. This could be used as a potential Denial of Service attack on the system. A local account on the system is required.

II. Impact

A local attacker may be able to crash the operating system.

III. Solution

The vendor encourages users to either upgrade to IRIX 6.5.21 (when it becomes available) or apply a patch as described in SGI Security Advisory 20030603-01-P.

References

http://www.secunia.com/advisories/8996/

Thanks to SGI for reporting this vulnerability. This document was written by Ian A Finlay, and is based on information contained within the SGI Security Advisory 20030603-01-P.

If you have feedback, comments, or additional information about this vulnerability, please send us email.