Vulnerability Note VU#521147
SGI IRIX rpc.xfsmd uses weak authentication mechanism for RPC authentication
The XFS file system on SGI systems allows anonymous remote users to call xfs-related RPC functions.
XFS is a 64-bit compliant journaling file system. The XFS journaling filesystem daemon (rpc.xfsmd) on SGI systems uses the default AUTH_UNIX authentication mechanism (a client-based security option) for its RPC service. This means the rpc.xfsmd daemon trusts that the remote system calling its RPC interface has already authenticated the remote client process via standard UNIX user id mechanisms (i.e., if a daemon only allows UID 0 [root] access to its RPC interface, it trusts remote RPC clients to be running with UID 0 [root] privileges).
As a result, any remote system able to forge UID 0 in its RPC call to vulnerable SGI rpc.xfsmd daemons can bypass the RPC authentication mechanism altogether. When exploited in conjunction with VU#195371, this could lead to the execution of arbitrary commands on vulnerable SGI systems.
A remote attacker can bypass the default AUTH_UNIX authentication mechanism for this RPC service, allowing anonymous RPC function calls
SGI has reported they will not be providing a patch for this issue. Sites are strongly urged to disable the XFS daemon and related subsystems as soon as their service requirements permit.
Per SGI Security Advisory 20020606-02-I:
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|SGI||Affected||-||08 Aug 2002|
CVSS Metrics (Learn More)
Last Stage of Delirium has reported this vulnerability in several public forums.
This document was written by Jeffrey S. Havrilla.
- CVE IDs: CAN-2002-0359
- Date Public: 20 Jun 2002
- Date First Published: 08 Aug 2002
- Date Last Updated: 08 Aug 2002
- Severity Metric: 10.53
- Document Revision: 14
If you have feedback, comments, or additional information about this vulnerability, please send us email.