IRIX fam service Vulnerability

IRIX fam service Vulnerability

IRIX workstations commonly run a service known as "fam" (file alteration monitor). This service allows any user to obtain a complete listing of files and directories on vulnerable systems.

The fam service, RPC program 391002, is used by other programs to keep track of file modifications. When a program initially connects to the fam server, it passes the fam server the name of a file or directory to watch. If the fam server is passed a directory, it immediately gives the client a complete list of files and subdirectories in that directory. By passing the fam server a request to monitor the root directory, and following subdirectories from there, an attacker can remotely obtain a complete list of files on the system.