IRIX disk_bandwidth漏洞

漏洞信息详情

IRIX disk_bandwidth漏洞

• CNNVD编号：CNNVD-199807-002
• 危害等级： 高危
  
  
• CVE编号：
  CVE-1999-0313
  
• 漏洞类型：
  
  
  其他
  
• 发布时间：
  
  1998-07-01
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2006-11-16
  
• 厂        商：
  
  sgi
• 漏洞来源：
  An advisory was po…

Origin/Onyx2中SGI IRIX 6.4 S2MP的disk_bandwidth存在漏洞，本地用户利用该漏洞使用相对路径名获取根访问的权限。

SGI recommends changing the permissions of the disk_bandwidth program to allow execution only by system administrators. Removing the setuid bit, and restricting the file permissions to allow only for execution by root, or those in a specific group will eliminate this vulnerability, so long as these users do not have ‘.’ as the first element in their path; this would allow an attacker to possibly still perform the attack, by waiting for the administrator to execute the program in a specific directory.
# chmod 500 /sbin/disk_bandwidth

来源: XF
名称: sgi-disk-bandwidth(1441)
链接:http://xforce.iss.net/xforce/xfdb/1441

来源: BID
名称: 214
链接:http://www.securityfocus.com/bid/214

来源: www.securityfocus.com
链接:http://www.securityfocus.com/bid/213/exploit

来源: OSVDB
名称: 936
链接:http://www.osvdb.org/936

来源: SGI
名称: 19980701-01-P
链接:ftp://patches.sgi.com/support/free/security/advisories/19980701-01-P