GEN:SID | 1:711 |
Message | TELNET SGI telnetd format bug |
Summary | This event is generated when an attempt is made to exploit a flaw in SGI IRIX's telnetd.
|
Impact | Serious. Arbitrary code execution. Possible remote root compromise of the host.
|
Detailed Information | When setting one of the _RDL environment variables, IRIX's telnetd logs the information via syslog. When telnetd calls syslog, it is possible to manipulate the variable to overwrite values on the stack so that code given is executed as the user telnetd is run as, typically root.
|
Affected Systems | SGI IRIX versions 6.2 to 6.5.8 SGI IRIX versions 5.2 to 6.1 with patches 1010 and 1020.
|
Attack Scenarios | An attacker can gain a root shell with this attack.
|
Ease of Attack | Simple. Exploit code exisits and is readily available.
|
Corrective Action | Apply patch from SGI.
|
Additional References | Arachnids: http://www.whitehats.com/info/IDS304
Bugtraq: http://www.securityfocus.com/bid/1572
|
Rule References | arachnids: 304
bugtraq: 1572
cve: 2000-0733
|