CVE-2002-0359

xfsmd for IRIX 6.5 through 6.5.16 uses weak authentication, which allows remote attackers to call dangerous RPC functions, including those that can mount or unmount xfs file systems, to gain root privileges.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
ftp://patches.sgi.com/support/free/security/advisories/20020606-01-I	Patch Vendor Advisory
http://marc.info/?l=bugtraq&m=102459162909825&w=2
http://www.iss.net/security_center/static/9401.php
http://www.kb.cert.org/vuls/id/521147	US Government Resource
http://www.securityfocus.com/bid/5072
ftp://patches.sgi.com/support/free/security/advisories/20020606-01-I	Patch Vendor Advisory
http://marc.info/?l=bugtraq&m=102459162909825&w=2
http://www.iss.net/security_center/static/9401.php
http://www.kb.cert.org/vuls/id/521147	US Government Resource
http://www.securityfocus.com/bid/5072

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:sgi:irix:6.2:::::::*
	cpe:2.3:o:sgi:irix:6.3:::::::*
	cpe:2.3:o:sgi:irix:6.4:::::::*
	cpe:2.3:o:sgi:irix:6.5:::::::*
	cpe:2.3:o:sgi:irix:6.5.1:::::::*
	cpe:2.3:o:sgi:irix:6.5.2:::::::*
	cpe:2.3:o:sgi:irix:6.5.2f:::::::*
	cpe:2.3:o:sgi:irix:6.5.2m:::::::*
	cpe:2.3:o:sgi:irix:6.5.3:::::::*
	cpe:2.3:o:sgi:irix:6.5.3f:::::::*
	cpe:2.3:o:sgi:irix:6.5.3m:::::::*
	cpe:2.3:o:sgi:irix:6.5.4:::::::*
	cpe:2.3:o:sgi:irix:6.5.4f:::::::*
	cpe:2.3:o:sgi:irix:6.5.4m:::::::*
	cpe:2.3:o:sgi:irix:6.5.5:::::::*
	cpe:2.3:o:sgi:irix:6.5.5f:::::::*
	cpe:2.3:o:sgi:irix:6.5.5m:::::::*
	cpe:2.3:o:sgi:irix:6.5.6:::::::*
	cpe:2.3:o:sgi:irix:6.5.6f:::::::*
	cpe:2.3:o:sgi:irix:6.5.6m:::::::*
	cpe:2.3:o:sgi:irix:6.5.7:::::::*
	cpe:2.3:o:sgi:irix:6.5.7f:::::::*
	cpe:2.3:o:sgi:irix:6.5.7m:::::::*
	cpe:2.3:o:sgi:irix:6.5.8:::::::*
	cpe:2.3:o:sgi:irix:6.5.8f:::::::*
	cpe:2.3:o:sgi:irix:6.5.8m:::::::*
	cpe:2.3:o:sgi:irix:6.5.9:::::::*
	cpe:2.3:o:sgi:irix:6.5.9f:::::::*
	cpe:2.3:o:sgi:irix:6.5.9m:::::::*
	cpe:2.3:o:sgi:irix:6.5.10:::::::*
	cpe:2.3:o:sgi:irix:6.5.10f:::::::*
	cpe:2.3:o:sgi:irix:6.5.10m:::::::*
	cpe:2.3:o:sgi:irix:6.5.11:::::::*
	cpe:2.3:o:sgi:irix:6.5.11f:::::::*
	cpe:2.3:o:sgi:irix:6.5.11m:::::::*
	cpe:2.3:o:sgi:irix:6.5.12:::::::*
	cpe:2.3:o:sgi:irix:6.5.12f:::::::*
	cpe:2.3:o:sgi:irix:6.5.12m:::::::*
	cpe:2.3:o:sgi:irix:6.5.13:::::::*
	cpe:2.3:o:sgi:irix:6.5.13f:::::::*
	cpe:2.3:o:sgi:irix:6.5.13m:::::::*
	cpe:2.3:o:sgi:irix:6.5.14:::::::*
	cpe:2.3:o:sgi:irix:6.5.14f:::::::*
	cpe:2.3:o:sgi:irix:6.5.14m:::::::*
	cpe:2.3:o:sgi:irix:6.5.15:::::::*
	cpe:2.3:o:sgi:irix:6.5.15f:::::::*
	cpe:2.3:o:sgi:irix:6.5.15m:::::::*
	cpe:2.3:o:sgi:irix:6.5.16:::::::*

History

20 Nov 2024, 23:38

Type	Values Removed	Values Added
References	~~() ftp://patches.sgi.com/support/free/security/advisories/20020606-01-I - Patch, Vendor Advisory~~	() ftp://patches.sgi.com/support/free/security/advisories/20020606-01-I - Patch, Vendor Advisory
References	~~() http://marc.info/?l=bugtraq&m=102459162909825&w=2 -~~	() http://marc.info/?l=bugtraq&m=102459162909825&w=2 -
References	~~() http://www.iss.net/security_center/static/9401.php -~~	() http://www.iss.net/security_center/static/9401.php -
References	~~() http://www.kb.cert.org/vuls/id/521147 - US Government Resource~~	() http://www.kb.cert.org/vuls/id/521147 - US Government Resource
References	~~() http://www.securityfocus.com/bid/5072 -~~	() http://www.securityfocus.com/bid/5072 -

Information

Published : 2002-07-03 04:00

Updated : 2024-11-20 23:38

NVD link : CVE-2002-0359

Mitre link : CVE-2002-0359

CVE.ORG link : CVE-2002-0359

JSON object : View

Products Affected

sgi

irix

CWE

NVD-CWE-Other

10.0 /10