|
|
SGI IRIX cvconnect File Overwrite Vulnerability
Solution: SGI suggests, as a temporary solution, to do the following (taken directly from SGI Security Advisory 20000601-01-P): 1) Become the root user on the system. % /bin/su - Password: # 2) Verify a vulnerable WorkShop suite is installed. Versions 2.6.* and lower of WorkShop are vulnerable. # versions -b WorkShop\* I = Installed, R = Removed Name Date Description I WorkShop 07/03/96 Developer Magic: WorkShop 2.6 3) Change the permissions on the vulnerable cvconnect(1M) program. # /bin/chmod 500 /usr/lib/WorkShop/cvconnect ************ *** NOTE *** ************ Removing the permissions from the vulnerable program will prevent non-root users from accessing cvconnect(1M). 4) Verify the new permissions on the program. Note that the program size may be different depending on release. # ls -l /usr/lib/WorkShop/cvconnect -r-x------ 1 root sys 428664 Sep 11 1997 cvconnect 5) Return to previous user level. # exit $ |
|
Privacy Statement |