With minor modifications, this also yields root with the IRIX version of PCP 2.1 running under IRIX 6.5.10. PCP 2.2 under IRIX 6.5.11+ not tested. Under IRIX `chmod 555 /usr/pcp/bin/pmpost` mitigates the root vulnerability (and presumably some of the PCP ``Notice Board'' functionality) until a patch is available. Paul Starzetz <paulat_private> writes: > there is a symlink handling problem in the pcp suite from SGI. The > binary pmpost will follow symlinks, if setuid root this leads to instant > root compromise, as found on SuSE 7.1 (I doubt that this a default SuSE > package, though). -- /* Dale Southard Jr. southard1at_private 925-422-1463 */ /* Computer Scientist, Accelerated Strategic Computing Initiative */ /* L-550, Lawrence Livermore National Lab, Livermore CA 94551 */ /* AFF/I, SL/I, T/I, D-11216, Sr. Rig --- I'd rather be skydiving */
This archive was generated by hypermail 2b30 : Tue Jun 19 2001 - 13:25:20 PDT