AOH :: SGI :: IRIX5325.HTM

AOH :: SGI :: IRIX5325.HTM
nsd temporary file symlink vulnerability

2nd May 2002 [SBWID-5325]

COMMAND

	nsd temporary file symlink vulnerability

SYSTEMS AFFECTED

	IRIX 6.5 to 6.5.10

PROBLEM

	In   SGI   security   [http://www.sgi.com/support/security/]    advisory
	[20020501-01-I] :
	

	It has been reported that nsd  was  not  checking  the  permissions  and
	ownership of its dump file \"/var/tmp/nsd.dump\"  prior  to  writing  to
	it.
	

	If a user was to first create a symlink from another  file  pointing  to
	/var/tmp/nsd.dump and  then  an  already-privileged  user  sent  a  USR1
	signal to the nsd process, the file could be  damaged  or  modified.  If
	successfully exploited, this could lead to a root compromise.

SOLUTION

	Upgrade to IRIX 6.5.11 or later.

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better). Site design & layout copyright © 1986-2009 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.