GEN:SID | 1:2017 |
Message | RPC portmap espd request UDP |
Summary | Embedded Support Partner (ESP) is an integral part of the SGI IRIX operating system that enables remote support for the operating system.
A vulnerability exists in the Embedded Support Partner Daemon (ESP) that could lead to arbitrary commands being executed on a target host.
|
Impact | Remote super user access leading to a compromise of the target machine along with any network resources that machine is connected to.
|
Detailed Information | The ESP daemon is an RPC (Remote Procedure Call) resource used on SGI IRIX systems. The ESP daemon runs with the privileges of the root user. IRIX versions 6.5.8 and prior are susceptible to a buffer overflow in the ESP daemon, leading to a remote root compromise of the affected host.
|
Affected Systems | SGI IRIX 6.5.8 and earlier.
|
Attack Scenarios | The attacker would need to craft a packet that would lead to the buffer overflow. No current exploits are available.
|
Ease of Attack | Difficult
|
Corrective Action | All systems running vulnerable versions of rpc.espd should have the appropriate patch applied.
Additionally, the ESP daemon should be disabled where not needed by commenting out the appropriate line in inetd.conf. The daemon itself can be made non-executable by removal of the x bit (chmod -x rpc.espd).
RPC services should not be available outside the local area network. Filter RPC ports at the firewall to ensure that access to RPC-enabled machines is denied.
|
Additional References | CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0331
Bugtraq: http://www.securityfocus.com/bid/2714
|
Rule References | bugtraq: 2714
cve: 2001-0331
|
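
The rule message describes a portmapper request for the ESP daemon arriving over UDP. As an added example (not the Snort rule itself and not code from the original page), the Python sketch below parses a UDP portmap payload and reports which RPC program it looks up. It assumes the request is a GETPORT call (RFC 1833) and that rpc.espd uses program number 391029; the function names and sample datagrams are constructed for illustration.

```python
import struct

PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT = 100000, 2, 3  # portmapper, RFC 1833
ESPD_PROG = 391029  # assumption: rpc.espd program number, not stated on the page


def _skip_opaque_auth(buf, off):
    """Skip one opaque_auth field: flavor, length, body padded to 4 bytes."""
    _flavor, length = struct.unpack_from(">II", buf, off)
    return off + 8 + ((length + 3) & ~3)


def getport_target(payload):
    """Return the program number queried by a portmap GETPORT call, else None."""
    try:
        _xid, mtype, rpcvers, prog, vers, proc = struct.unpack_from(">6I", payload, 0)
        # mtype 0 = CALL, RPC version 2, addressed to the portmapper's GETPORT
        if (mtype, rpcvers, prog, vers, proc) != (
                0, 2, PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT):
            return None
        off = _skip_opaque_auth(payload, 24)   # credentials
        off = _skip_opaque_auth(payload, off)  # verifier
        target, _vers, _proto, _port = struct.unpack_from(">4I", payload, off)
        return target
    except struct.error:  # truncated or malformed datagram
        return None


def is_espd_lookup(payload):
    """True when the datagram asks the portmapper where espd is listening."""
    return getport_target(payload) == ESPD_PROG


def build_getport(prog, cred=b""):
    """Constructed sample datagram: a GETPORT lookup for `prog` over UDP."""
    pad = b"\x00" * (-len(cred) % 4)
    header = struct.pack(">6I", 0x1234, 0, 2, PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT)
    # Credential body is opaque filler here; it only exercises the padding logic.
    auth = struct.pack(">II", 1, len(cred)) + cred + pad + struct.pack(">II", 0, 0)
    return header + auth + struct.pack(">4I", prog, 1, 17, 0)  # 17 = UDP


if __name__ == "__main__":
    samples = [("espd lookup", build_getport(ESPD_PROG, b"host1")),
               ("nfs lookup", build_getport(100003)),
               ("truncated", build_getport(ESPD_PROG)[:30])]
    for name, pkt in samples:
        print(f"{name:12} target={getport_target(pkt)} alert={is_espd_lookup(pkt)}")
```

A match only shows that a host asked the portmapper for the espd port; whether the target runs a vulnerable rpc.espd still has to be checked against the affected versions listed above.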