IRIX gr_osview Buffer Overflow Vulnerability
Info
| Bugtraq ID: | 1526 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2000-0797 |
| Remote: | No |
| Local: | Yes |
| Published: | Aug 02 2000 12:00AM |
| Updated: | Jul 12 2007 11:47PM |
| Credit: | This vulnerability was posted to the Bugtraq mailing list by LSD <[email protected]> (Last Stages of Delirium) on August 2, 2000. |
| Vulnerable: | SGI IRIX 6.5.22, SGI IRIX 6.5.21 m, SGI IRIX 6.5.21 f, SGI IRIX 6.5.21, SGI IRIX 6.5.20 m, SGI IRIX 6.5.20 f, SGI IRIX 6.5.20, SGI IRIX 6.5.19 m, SGI IRIX 6.5.19 f, SGI IRIX 6.5.19, SGI IRIX 6.5.18 m, SGI IRIX 6.5.18 f, SGI IRIX 6.5.18, SGI IRIX 6.5.17 m, SGI IRIX 6.5.17 f, SGI IRIX 6.5.17, SGI IRIX 6.5.16 m, SGI IRIX 6.5.16 f, SGI IRIX 6.5.16, SGI IRIX 6.5.15 m, SGI IRIX 6.5.15 f, SGI IRIX 6.5.15, SGI IRIX 6.5.14 m, SGI IRIX 6.5.14 f, SGI IRIX 6.5.14, SGI IRIX 6.5.13 m, SGI IRIX 6.5.13 f, SGI IRIX 6.5.13, SGI IRIX 6.5.12 m, SGI IRIX 6.5.12 f, SGI IRIX 6.5.12, SGI IRIX 6.5.11 m, SGI IRIX 6.5.11 f, SGI IRIX 6.5.11, SGI IRIX 6.5.10 m, SGI IRIX 6.5.10 f, SGI IRIX 6.5.10, SGI IRIX 6.5.9 m, SGI IRIX 6.5.9 f, SGI IRIX 6.5.9, SGI IRIX 6.5.8 m, SGI IRIX 6.5.8 f, SGI IRIX 6.5.8, SGI IRIX 6.5.7 m, SGI IRIX 6.5.7 f, SGI IRIX 6.5.7, SGI IRIX 6.5.6 m, SGI IRIX 6.5.6 f, SGI IRIX 6.5.6, SGI IRIX 6.5.5 m, SGI IRIX 6.5.5 f, SGI IRIX 6.5.5, SGI IRIX 6.5.4 m, SGI IRIX 6.5.4 f, SGI IRIX 6.5.4, SGI IRIX 6.5.3 m, SGI IRIX 6.5.3 f, SGI IRIX 6.5.3, SGI IRIX 6.5.2 m, SGI IRIX 6.5.2 f, SGI IRIX 6.5.2, SGI IRIX 6.5.1, SGI IRIX 6.5 20, SGI IRIX 6.5 .19m, SGI IRIX 6.5 .19f, SGI IRIX 6.5, SGI IRIX 6.3, SGI IRIX 6.2 |
| Not Vulnerable: | SGI IRIX 6.5.23, SGI IRIX 6.5.8, SGI IRIX 6.5.7, SGI IRIX 6.5.6, SGI IRIX 6.5.4, SGI IRIX 6.5.3 m, SGI IRIX 6.5.3 f, SGI IRIX 6.5.3, SGI IRIX 6.5.2 m, SGI IRIX 6.5.1, SGI IRIX 6.5, SGI IRIX 6.4 |
Discussion
Under certain versions of IRIX, the 'gr_osview' command contains a buffer overflow that local attackers can exploit to gain root privileges.
The gr_osview command produces a graphical display of memory-management activity, including memory usage, page faults, TLB activity, and page swapping. This display provides a real-time window into the overall operation of the system. The buffer overflow is in the command-line parsing code and can be triggered by a long user-supplied string.
Exploit / POC
The following proof-of-concept exploit is available:
Solution / Fix
Solution:
SGI has released advisory 20040104-01-P to address this issue. Patch 5424 will be released for IRIX versions later than 6.5.17.
Users should upgrade to one of these versions and then apply the patch when it is available.
Please see the referenced advisory for further details.